git: 5040a7a9aa67 - main - heimdal: Add missing iprop error checks.
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 27 Nov 2022 02:44:06 UTC
The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=5040a7a9aa67861a095bae6edfbc67572cd24457 commit 5040a7a9aa67861a095bae6edfbc67572cd24457 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2022-11-26 18:19:55 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2022-11-27 02:41:52 +0000 heimdal: Add missing iprop error checks. Inspired by upstream 9d6dd21256f87988605fa75172be9cc92535064c. Obtained from: Heimdal 9d6dd21256f87988605fa75172be9cc92535064c MFC after: 3 days --- crypto/heimdal/lib/kadm5/iprop-log.c | 48 ++++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/crypto/heimdal/lib/kadm5/iprop-log.c b/crypto/heimdal/lib/kadm5/iprop-log.c index b201de66d1f6..7e4e1a55ea9a 100644 --- a/crypto/heimdal/lib/kadm5/iprop-log.c +++ b/crypto/heimdal/lib/kadm5/iprop-log.c @@ -134,21 +134,29 @@ print_entry(kadm5_server_context *server_context, op_names[op], ver, t, len); switch(op) { case kadm_delete: - krb5_ret_principal(sp, &source); - krb5_unparse_name(scontext, source, &name1); + ret = krb5_unparse_name(scontext, source, &name1); + if (ret == 0) + ret = krb5_ret_principal(sp, &source); + if (ret) + krb5_err(scontext, 1, ret, "Failed to read a delete record"); printf(" %s\n", name1); free(name1); krb5_free_principal(scontext, source); break; case kadm_rename: ret = krb5_data_alloc(&data, len); + if (ret == 0) + krb5_ret_principal(sp, &source); + if (ret == 0 && krb5_storage_read(sp, data.data, data.length)) + ret = errno; + if (ret == 0) + ret = hdb_value2entry(scontext, &data, &ent); + if (ret == 0) + ret = krb5_unparse_name(scontext, source, &name1); + if (ret == 0) + ret = krb5_unparse_name(scontext, ent.principal, &name2); if (ret) krb5_err (scontext, 1, ret, "kadm_rename: data alloc: %d", len); - krb5_ret_principal(sp, &source); - krb5_storage_read(sp, data.data, data.length); - hdb_value2entry(scontext, &data, &ent); - krb5_unparse_name(scontext, source, &name1); - krb5_unparse_name(scontext, ent.principal, &name2); printf(" %s -> %s\n", name1, name2); free(name1); free(name2); @@ -157,26 +165,30 @@ print_entry(kadm5_server_context *server_context, break; case kadm_create: ret = krb5_data_alloc(&data, len); + if (ret == 0 && krb5_storage_read(sp, data.data, data.length)) + ret = errno; + if (ret == 0) + ret = hdb_value2entry(scontext, &data, &ent); if (ret) krb5_err (scontext, 1, ret, "kadm_create: data alloc: %d", len); - krb5_storage_read(sp, data.data, data.length); - ret = hdb_value2entry(scontext, &data, &ent); - if(ret) - abort(); mask = ~0; goto foo; case kadm_modify: ret = krb5_data_alloc(&data, len); + if (ret == 0) + ret = krb5_ret_int32(sp, &mask); + if (ret == 0 && krb5_storage_read(sp, data.data, data.length)) + ret = errno; + if (ret == 0) + ret = hdb_value2entry(scontext, &data, &ent); if (ret) krb5_err (scontext, 1, ret, "kadm_modify: data alloc: %d", len); - krb5_ret_int32(sp, &mask); - krb5_storage_read(sp, data.data, data.length); - ret = hdb_value2entry(scontext, &data, &ent); - if(ret) - abort(); foo: if(ent.principal /* mask & KADM5_PRINCIPAL */) { - krb5_unparse_name(scontext, ent.principal, &name1); + ret = krb5_unparse_name(scontext, ent.principal, &name1); + if (ret) + krb5_err(scontext, 1, ret, + "Failed to process a create or modify record"); printf(" principal = %s\n", name1); free(name1); } @@ -260,7 +272,7 @@ print_entry(kadm5_server_context *server_context, case kadm_nop : break; default: - abort(); + krb5_errx(scontext, 1, "Unknown record type"); } krb5_storage_seek(sp, end, SEEK_SET); }