From c3d96fca46cb2cc3ee9f4c2e2a4ed98bad3e310a Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Thu, 15 Oct 2020 18:15:29 -0400 Subject: [PATCH] Fix minor static analysis defects Remove an unused variable in krb5_ldap_create(). Handle the return value from krb5_dbe_get_string() in the certauth test plugin module. Handle the return value from k5_expand_path_tokens() in k5_rc_default(). Remove dead assignments in krb5_get_credentials_for_user() and kg_accept_krb5(). [ghudson@mit.edu: squashed and edited commit message; simplified k5_rc_default() change] (cherry picked from commit b27461141810fddd299764928649148c5d0e99f3) --- src/lib/gssapi/krb5/accept_sec_context.c | 4 +--- src/lib/krb5/krb/s4u_creds.c | 1 - src/lib/krb5/rcache/rc_base.c | 2 ++ src/plugins/certauth/test/main.c | 3 +++ src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c | 4 ---- 5 files changed, 6 insertions(+), 8 deletions(-) diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 3d5b84b15..e2c5e2b59 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -671,7 +671,7 @@ kg_accept_krb5(minor_status, context_handle, krb5_auth_context auth_context = NULL; krb5_ticket * ticket = NULL; const gss_OID_desc *mech_used = NULL; - OM_uint32 major_status = GSS_S_FAILURE; + OM_uint32 major_status; OM_uint32 tmp_minor_status; krb5_error krb_error_data; krb5_data scratch; @@ -878,8 +878,6 @@ kg_accept_krb5(minor_status, context_handle, if (major_status != GSS_S_COMPLETE) goto fail; - major_status = GSS_S_FAILURE; - if (exts->iakerb.conv && !exts->iakerb.verified) { major_status = GSS_S_BAD_SIG; goto fail; diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c index d8f486dc6..35a8843e5 100644 --- a/src/lib/krb5/krb/s4u_creds.c +++ b/src/lib/krb5/krb/s4u_creds.c @@ -714,7 +714,6 @@ krb5_get_credentials_for_user(krb5_context context, krb5_flags options, } else if (code != KRB5_CC_NOTFOUND && code != KRB5_CC_NOT_KTYPE) { goto cleanup; } - code = 0; } /* Note the authdata we asked for in the output creds. */ diff --git a/src/lib/krb5/rcache/rc_base.c b/src/lib/krb5/rcache/rc_base.c index 5f456d1f3..f9a482318 100644 --- a/src/lib/krb5/rcache/rc_base.c +++ b/src/lib/krb5/rcache/rc_base.c @@ -56,6 +56,8 @@ k5_rc_default(krb5_context context, krb5_rcache *rc_out) &profstr) == 0 && profstr != NULL) { ret = k5_expand_path_tokens(context, profstr, &rcname); profile_release_string(profstr); + if (ret) + return ret; ret = k5_rc_resolve(context, rcname, rc_out); free(rcname); return ret; diff --git a/src/plugins/certauth/test/main.c b/src/plugins/certauth/test/main.c index d4633b8cd..7e7a3ef4c 100644 --- a/src/plugins/certauth/test/main.c +++ b/src/plugins/certauth/test/main.c @@ -171,6 +171,9 @@ test2_authorize(krb5_context context, krb5_certauth_moddata moddata, ret = krb5_dbe_get_string(context, (krb5_db_entry *)db_entry, "hwauth", &strval); + if (ret) + goto cleanup; + ret = (strval != NULL) ? KRB5_CERTAUTH_HWAUTH : 0; krb5_dbe_free_string(context, strval); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c index 5b57c799a..2d6605666 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c @@ -55,7 +55,6 @@ krb5_ldap_create(krb5_context context, char *conf_section, char **db_args) krb5_error_code status = 0; krb5_ldap_realm_params *rparams = NULL; krb5_ldap_context *ldap_context=NULL; - krb5_boolean realm_obj_created = FALSE; int mask = 0; /* Clear the global error string */ @@ -109,9 +108,6 @@ krb5_ldap_create(krb5_context context, char *conf_section, char **db_args) if ((status = krb5_ldap_create_realm(context, rparams, mask))) goto cleanup; - /* We just created the Realm container. Here starts our transaction tracking */ - realm_obj_created = TRUE; - /* verify realm object */ if ((status = krb5_ldap_read_realm_params(context, rparams->realm_name,