libgssapi: avoid NULL pointer dereferences.
While here also use NULL instead of zero for pointers. Found with coccinelle. MFC after: 1 week
This commit is contained in:
Pedro F. Giffuni
parent
361c75321b
commit
6baf7cc80e
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=297942
@ -121,7 +121,7 @@ gss_add_cred(OM_uint32 *minor_status,
|
|||||||
* gss_add_cred for that mechanism, otherwise we copy the mc
|
* gss_add_cred for that mechanism, otherwise we copy the mc
|
||||||
* to new_cred.
|
* to new_cred.
|
||||||
*/
|
*/
|
||||||
target_mc = 0;
|
target_mc = NULL;
|
||||||
if (cred) {
|
if (cred) {
|
||||||
SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
|
SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
|
||||||
if (gss_oid_equal(mc->gmc_mech_oid, desired_mech)) {
|
if (gss_oid_equal(mc->gmc_mech_oid, desired_mech)) {
|
||||||
@ -151,7 +151,7 @@ gss_add_cred(OM_uint32 *minor_status,
|
|||||||
return (major_status);
|
return (major_status);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
mn = 0;
|
mn = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
m = _gss_find_mech_switch(desired_mech);
|
m = _gss_find_mech_switch(desired_mech);
|
||||||
|
|||||||
@ -47,7 +47,7 @@ gss_encapsulate_token(const gss_buffer_t input_token, gss_OID oid,
|
|||||||
* First time around, we calculate the size, second time, we
|
* First time around, we calculate the size, second time, we
|
||||||
* encode the token.
|
* encode the token.
|
||||||
*/
|
*/
|
||||||
p = 0;
|
p = NULL;
|
||||||
for (i = 0; i < 2; i++) {
|
for (i = 0; i < 2; i++) {
|
||||||
len = 0;
|
len = 0;
|
||||||
|
|
||||||
|
|||||||
@ -40,13 +40,14 @@ gss_get_mic(OM_uint32 *minor_status,
|
|||||||
gss_buffer_t message_token)
|
gss_buffer_t message_token)
|
||||||
{
|
{
|
||||||
struct _gss_context *ctx = (struct _gss_context *) context_handle;
|
struct _gss_context *ctx = (struct _gss_context *) context_handle;
|
||||||
struct _gss_mech_switch *m = ctx->gc_mech;
|
struct _gss_mech_switch *m;
|
||||||
|
|
||||||
_gss_buffer_zero(message_token);
|
_gss_buffer_zero(message_token);
|
||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
*minor_status = 0;
|
*minor_status = 0;
|
||||||
return (GSS_S_NO_CONTEXT);
|
return (GSS_S_NO_CONTEXT);
|
||||||
}
|
}
|
||||||
|
m = ctx->gc_mech;
|
||||||
|
|
||||||
return (m->gm_get_mic(minor_status, ctx->gc_ctx, qop_req,
|
return (m->gm_get_mic(minor_status, ctx->gc_ctx, qop_req,
|
||||||
message_buffer, message_token));
|
message_buffer, message_token));
|
||||||
|
|||||||
@ -99,7 +99,7 @@ gss_inquire_context(OM_uint32 *minor_status,
|
|||||||
if (src_name)
|
if (src_name)
|
||||||
gss_release_name(minor_status, src_name);
|
gss_release_name(minor_status, src_name);
|
||||||
m->gm_release_name(minor_status, &src_mn);
|
m->gm_release_name(minor_status, &src_mn);
|
||||||
minor_status = 0;
|
minor_status = NULL;
|
||||||
return (GSS_S_FAILURE);
|
return (GSS_S_FAILURE);
|
||||||
}
|
}
|
||||||
*targ_name = (gss_name_t) name;
|
*targ_name = (gss_name_t) name;
|
||||||
|
|||||||
@ -83,7 +83,7 @@ _gss_string_to_oid(const char* s, gss_OID oid)
|
|||||||
* out the size. Second time around, we actually encode the
|
* out the size. Second time around, we actually encode the
|
||||||
* number.
|
* number.
|
||||||
*/
|
*/
|
||||||
res = 0;
|
res = NULL;
|
||||||
for (i = 0; i < 2; i++) {
|
for (i = 0; i < 2; i++) {
|
||||||
byte_count = 0;
|
byte_count = 0;
|
||||||
for (p = s, j = 0; p; p = q, j++) {
|
for (p = s, j = 0; p; p = q, j++) {
|
||||||
|
|||||||
@ -48,7 +48,7 @@ gss_pseudo_random(OM_uint32 *minor_status,
|
|||||||
gss_buffer_t prf_out)
|
gss_buffer_t prf_out)
|
||||||
{
|
{
|
||||||
struct _gss_context *ctx = (struct _gss_context *) context;
|
struct _gss_context *ctx = (struct _gss_context *) context;
|
||||||
struct _gss_mech_switch *m = ctx->gc_mech;
|
struct _gss_mech_switch *m;
|
||||||
OM_uint32 major_status;
|
OM_uint32 major_status;
|
||||||
|
|
||||||
_gss_buffer_zero(prf_out);
|
_gss_buffer_zero(prf_out);
|
||||||
@ -58,6 +58,7 @@ gss_pseudo_random(OM_uint32 *minor_status,
|
|||||||
*minor_status = 0;
|
*minor_status = 0;
|
||||||
return GSS_S_NO_CONTEXT;
|
return GSS_S_NO_CONTEXT;
|
||||||
}
|
}
|
||||||
|
m = ctx->gc_mech;
|
||||||
|
|
||||||
if (m->gm_pseudo_random == NULL)
|
if (m->gm_pseudo_random == NULL)
|
||||||
return GSS_S_UNAVAILABLE;
|
return GSS_S_UNAVAILABLE;
|
||||||
|
|||||||
@ -39,7 +39,7 @@ gss_verify_mic(OM_uint32 *minor_status,
|
|||||||
gss_qop_t *qop_state)
|
gss_qop_t *qop_state)
|
||||||
{
|
{
|
||||||
struct _gss_context *ctx = (struct _gss_context *) context_handle;
|
struct _gss_context *ctx = (struct _gss_context *) context_handle;
|
||||||
struct _gss_mech_switch *m = ctx->gc_mech;
|
struct _gss_mech_switch *m;
|
||||||
|
|
||||||
if (qop_state)
|
if (qop_state)
|
||||||
*qop_state = 0;
|
*qop_state = 0;
|
||||||
@ -47,6 +47,7 @@ gss_verify_mic(OM_uint32 *minor_status,
|
|||||||
*minor_status = 0;
|
*minor_status = 0;
|
||||||
return (GSS_S_NO_CONTEXT);
|
return (GSS_S_NO_CONTEXT);
|
||||||
}
|
}
|
||||||
|
m = ctx->gc_mech;
|
||||||
|
|
||||||
return (m->gm_verify_mic(minor_status, ctx->gc_ctx,
|
return (m->gm_verify_mic(minor_status, ctx->gc_ctx,
|
||||||
message_buffer, token_buffer, qop_state));
|
message_buffer, token_buffer, qop_state));
|
||||||
|
|||||||
@ -42,7 +42,7 @@ gss_wrap(OM_uint32 *minor_status,
|
|||||||
gss_buffer_t output_message_buffer)
|
gss_buffer_t output_message_buffer)
|
||||||
{
|
{
|
||||||
struct _gss_context *ctx = (struct _gss_context *) context_handle;
|
struct _gss_context *ctx = (struct _gss_context *) context_handle;
|
||||||
struct _gss_mech_switch *m = ctx->gc_mech;
|
struct _gss_mech_switch *m;
|
||||||
|
|
||||||
if (conf_state)
|
if (conf_state)
|
||||||
*conf_state = 0;
|
*conf_state = 0;
|
||||||
@ -51,6 +51,7 @@ gss_wrap(OM_uint32 *minor_status,
|
|||||||
*minor_status = 0;
|
*minor_status = 0;
|
||||||
return (GSS_S_NO_CONTEXT);
|
return (GSS_S_NO_CONTEXT);
|
||||||
}
|
}
|
||||||
|
m = ctx->gc_mech;
|
||||||
|
|
||||||
return (m->gm_wrap(minor_status, ctx->gc_ctx,
|
return (m->gm_wrap(minor_status, ctx->gc_ctx,
|
||||||
conf_req_flag, qop_req, input_message_buffer,
|
conf_req_flag, qop_req, input_message_buffer,
|
||||||
|
|||||||
@ -40,13 +40,14 @@ gss_wrap_size_limit(OM_uint32 *minor_status,
|
|||||||
OM_uint32 *max_input_size)
|
OM_uint32 *max_input_size)
|
||||||
{
|
{
|
||||||
struct _gss_context *ctx = (struct _gss_context *) context_handle;
|
struct _gss_context *ctx = (struct _gss_context *) context_handle;
|
||||||
struct _gss_mech_switch *m = ctx->gc_mech;
|
struct _gss_mech_switch *m;
|
||||||
|
|
||||||
*max_input_size = 0;
|
*max_input_size = 0;
|
||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
*minor_status = 0;
|
*minor_status = 0;
|
||||||
return (GSS_S_NO_CONTEXT);
|
return (GSS_S_NO_CONTEXT);
|
||||||
}
|
}
|
||||||
|
m = ctx->gc_mech;
|
||||||
|
|
||||||
return (m->gm_wrap_size_limit(minor_status, ctx->gc_ctx,
|
return (m->gm_wrap_size_limit(minor_status, ctx->gc_ctx,
|
||||||
conf_req_flag, qop_req, req_output_size, max_input_size));
|
conf_req_flag, qop_req, req_output_size, max_input_size));
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user