From 5464ad5b64f7ce7c3d78082352189af7c8feb95f Mon Sep 17 00:00:00 2001 From: Julien Rische Date: Fri, 6 Sep 2024 17:18:11 +0200 Subject: [PATCH] Fix various issues detected by static analysis (cherry picked from commit 53d352949941ee236461658d01f03c37abafc6f6) --- src/clients/klist/klist.c | 13 +++++++------ src/kadmin/dbutil/dump.c | 5 +++++ src/kdc/ndr.c | 2 +- src/lib/kdb/decrypt_key.c | 2 +- src/lib/rpc/svc_auth_gss.c | 5 ++++- src/lib/rpc/svc_udp.c | 13 +++++++------ src/util/support/threads.c | 2 -- 7 files changed, 25 insertions(+), 17 deletions(-) diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index 27cf0ee11b..9db66f6072 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -666,7 +666,7 @@ show_credential(krb5_creds *cred) krb5_error_code ret; krb5_ticket *tkt = NULL; char *name = NULL, *sname = NULL, *tktsname, *flags; - int extra_field = 0, ccol = 0, i; + int extra_field = 0, ccol = 0, i, r; krb5_boolean is_config = krb5_is_config_principal(context, cred->server); ret = krb5_unparse_name(context, cred->client, &name); @@ -696,11 +696,12 @@ show_credential(krb5_creds *cred) fputs("config: ", stdout); ccol = 8; for (i = 1; i < cred->server->length; i++) { - ccol += printf("%s%.*s%s", - i > 1 ? "(" : "", - (int)cred->server->data[i].length, - cred->server->data[i].data, - i > 1 ? ")" : ""); + r = printf("%s%.*s%s", i > 1 ? "(" : "", + (int)cred->server->data[i].length, + cred->server->data[i].data, + i > 1 ? ")" : ""); + if (r >= 0) + ccol += r; } fputs(" = ", stdout); ccol += 3; diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c index 4d6cc0bdf9..feb053d834 100644 --- a/src/kadmin/dbutil/dump.c +++ b/src/kadmin/dbutil/dump.c @@ -704,6 +704,11 @@ process_k5beta7_princ(krb5_context context, const char *fname, FILE *filep, dbentry->len = u1; dbentry->n_key_data = u4; + + if (u5 > UINT16_MAX) { + load_err(fname, *linenop, _("invalid principal extra data size")); + goto fail; + } dbentry->e_length = u5; if (kp != NULL) { diff --git a/src/kdc/ndr.c b/src/kdc/ndr.c index d438408ee2..38be9fe42a 100644 --- a/src/kdc/ndr.c +++ b/src/kdc/ndr.c @@ -242,7 +242,7 @@ ndr_enc_delegation_info(struct pac_s4u_delegation_info *in, krb5_data *out) { krb5_error_code ret; size_t i; - struct k5buf b; + struct k5buf b = EMPTY_K5BUF; struct encoded_wchars pt_encoded = { 0 }, *tss_encoded = NULL; uint32_t pointer = 0; diff --git a/src/lib/kdb/decrypt_key.c b/src/lib/kdb/decrypt_key.c index 82bbed6312..c971793c9d 100644 --- a/src/lib/kdb/decrypt_key.c +++ b/src/lib/kdb/decrypt_key.c @@ -60,7 +60,7 @@ krb5_dbe_def_decrypt_key_data(krb5_context context, const krb5_keyblock *mkey, krb5_keyblock *dbkey_out, krb5_keysalt *keysalt_out) { - krb5_error_code ret; + krb5_error_code ret = KRB5_CRYPTO_INTERNAL; int16_t keylen; krb5_enc_data cipher; krb5_data plain = empty_data(); diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c index 98d601c8ab..461e5de542 100644 --- a/src/lib/rpc/svc_auth_gss.c +++ b/src/lib/rpc/svc_auth_gss.c @@ -297,7 +297,7 @@ svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct r struct opaque_auth *oa; gss_buffer_desc rpcbuf, checksum; OM_uint32 maj_stat, min_stat, qop_state; - u_char rpchdr[128]; + u_char rpchdr[32 + MAX_AUTH_BYTES]; int32_t *buf; log_debug("in svcauth_gss_validate()"); @@ -315,6 +315,8 @@ svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct r return (FALSE); buf = (int32_t *)(void *)rpchdr; + + /* Write the 32 first bytes of the header. */ IXDR_PUT_LONG(buf, msg->rm_xid); IXDR_PUT_ENUM(buf, msg->rm_direction); IXDR_PUT_LONG(buf, msg->rm_call.cb_rpcvers); @@ -323,6 +325,7 @@ svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct r IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); IXDR_PUT_ENUM(buf, oa->oa_flavor); IXDR_PUT_LONG(buf, oa->oa_length); + if (oa->oa_length) { memcpy((caddr_t)buf, oa->oa_base, oa->oa_length); buf += RNDUP(oa->oa_length) / sizeof(int32_t); diff --git a/src/lib/rpc/svc_udp.c b/src/lib/rpc/svc_udp.c index 8ecbdf2b33..3aff277eb7 100644 --- a/src/lib/rpc/svc_udp.c +++ b/src/lib/rpc/svc_udp.c @@ -248,8 +248,9 @@ static bool_t svcudp_reply( { struct svcudp_data *su = su_data(xprt); XDR *xdrs = &su->su_xdrs; - int slen; + u_int slen; bool_t stat = FALSE; + ssize_t r; xdrproc_t xdr_results = NULL; caddr_t xdr_location = 0; @@ -272,12 +273,12 @@ static bool_t svcudp_reply( if (xdr_replymsg(xdrs, msg) && (!has_args || (SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_results, xdr_location)))) { - slen = (int)XDR_GETPOS(xdrs); - if (sendto(xprt->xp_sock, rpc_buffer(xprt), slen, 0, - (struct sockaddr *)&(xprt->xp_raddr), xprt->xp_addrlen) - == slen) { + slen = XDR_GETPOS(xdrs); + r = sendto(xprt->xp_sock, rpc_buffer(xprt), slen, 0, + (struct sockaddr *)&(xprt->xp_raddr), xprt->xp_addrlen); + if (r >= 0 && (u_int)r == slen) { stat = TRUE; - if (su->su_cache && slen >= 0) { + if (su->su_cache) { cache_set(xprt, (uint32_t) slen); } } diff --git a/src/util/support/threads.c b/src/util/support/threads.c index be7e4c2e3f..4ded805b79 100644 --- a/src/util/support/threads.c +++ b/src/util/support/threads.c @@ -118,7 +118,6 @@ struct tsd_block { # pragma weak pthread_mutex_destroy # pragma weak pthread_mutex_init # pragma weak pthread_self -# pragma weak pthread_equal # pragma weak pthread_getspecific # pragma weak pthread_setspecific # pragma weak pthread_key_create @@ -151,7 +150,6 @@ int krb5int_pthread_loaded (void) || &pthread_mutex_destroy == 0 || &pthread_mutex_init == 0 || &pthread_self == 0 - || &pthread_equal == 0 /* Any program that's really multithreaded will have to be able to create threads. */ || &pthread_create == 0 -- 2.46.0