From 6baf7cc80ea9cb47434833c387c09cacfd248571 Mon Sep 17 00:00:00 2001 From: "Pedro F. Giffuni" Date: Wed, 13 Apr 2016 21:08:02 +0000 Subject: [PATCH] libgssapi: avoid NULL pointer dereferences. While here also use NULL instead of zero for pointers. Found with coccinelle. MFC after: 1 week --- lib/libgssapi/gss_add_cred.c | 4 ++-- lib/libgssapi/gss_encapsulate_token.c | 2 +- lib/libgssapi/gss_get_mic.c | 3 ++- lib/libgssapi/gss_inquire_context.c | 2 +- lib/libgssapi/gss_mech_switch.c | 2 +- lib/libgssapi/gss_pseudo_random.c | 3 ++- lib/libgssapi/gss_verify_mic.c | 3 ++- lib/libgssapi/gss_wrap.c | 3 ++- lib/libgssapi/gss_wrap_size_limit.c | 3 ++- 9 files changed, 15 insertions(+), 10 deletions(-) diff --git a/lib/libgssapi/gss_add_cred.c b/lib/libgssapi/gss_add_cred.c index 4dcca18a3251..34e29b1a2b71 100644 --- a/lib/libgssapi/gss_add_cred.c +++ b/lib/libgssapi/gss_add_cred.c @@ -121,7 +121,7 @@ gss_add_cred(OM_uint32 *minor_status, * gss_add_cred for that mechanism, otherwise we copy the mc * to new_cred. */ - target_mc = 0; + target_mc = NULL; if (cred) { SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { if (gss_oid_equal(mc->gmc_mech_oid, desired_mech)) { @@ -151,7 +151,7 @@ gss_add_cred(OM_uint32 *minor_status, return (major_status); } } else { - mn = 0; + mn = NULL; } m = _gss_find_mech_switch(desired_mech); diff --git a/lib/libgssapi/gss_encapsulate_token.c b/lib/libgssapi/gss_encapsulate_token.c index ed0e217d65be..0e33e191ec85 100644 --- a/lib/libgssapi/gss_encapsulate_token.c +++ b/lib/libgssapi/gss_encapsulate_token.c @@ -47,7 +47,7 @@ gss_encapsulate_token(const gss_buffer_t input_token, gss_OID oid, * First time around, we calculate the size, second time, we * encode the token. */ - p = 0; + p = NULL; for (i = 0; i < 2; i++) { len = 0; diff --git a/lib/libgssapi/gss_get_mic.c b/lib/libgssapi/gss_get_mic.c index dff3b545f78f..b55a796dedad 100644 --- a/lib/libgssapi/gss_get_mic.c +++ b/lib/libgssapi/gss_get_mic.c @@ -40,13 +40,14 @@ gss_get_mic(OM_uint32 *minor_status, gss_buffer_t message_token) { struct _gss_context *ctx = (struct _gss_context *) context_handle; - struct _gss_mech_switch *m = ctx->gc_mech; + struct _gss_mech_switch *m; _gss_buffer_zero(message_token); if (ctx == NULL) { *minor_status = 0; return (GSS_S_NO_CONTEXT); } + m = ctx->gc_mech; return (m->gm_get_mic(minor_status, ctx->gc_ctx, qop_req, message_buffer, message_token)); diff --git a/lib/libgssapi/gss_inquire_context.c b/lib/libgssapi/gss_inquire_context.c index c9f2a0c545ef..59e03e819284 100644 --- a/lib/libgssapi/gss_inquire_context.c +++ b/lib/libgssapi/gss_inquire_context.c @@ -99,7 +99,7 @@ gss_inquire_context(OM_uint32 *minor_status, if (src_name) gss_release_name(minor_status, src_name); m->gm_release_name(minor_status, &src_mn); - minor_status = 0; + minor_status = NULL; return (GSS_S_FAILURE); } *targ_name = (gss_name_t) name; diff --git a/lib/libgssapi/gss_mech_switch.c b/lib/libgssapi/gss_mech_switch.c index d07db8865d3f..2d742e7ee232 100644 --- a/lib/libgssapi/gss_mech_switch.c +++ b/lib/libgssapi/gss_mech_switch.c @@ -83,7 +83,7 @@ _gss_string_to_oid(const char* s, gss_OID oid) * out the size. Second time around, we actually encode the * number. */ - res = 0; + res = NULL; for (i = 0; i < 2; i++) { byte_count = 0; for (p = s, j = 0; p; p = q, j++) { diff --git a/lib/libgssapi/gss_pseudo_random.c b/lib/libgssapi/gss_pseudo_random.c index c250d717a62f..c74682329585 100644 --- a/lib/libgssapi/gss_pseudo_random.c +++ b/lib/libgssapi/gss_pseudo_random.c @@ -48,7 +48,7 @@ gss_pseudo_random(OM_uint32 *minor_status, gss_buffer_t prf_out) { struct _gss_context *ctx = (struct _gss_context *) context; - struct _gss_mech_switch *m = ctx->gc_mech; + struct _gss_mech_switch *m; OM_uint32 major_status; _gss_buffer_zero(prf_out); @@ -58,6 +58,7 @@ gss_pseudo_random(OM_uint32 *minor_status, *minor_status = 0; return GSS_S_NO_CONTEXT; } + m = ctx->gc_mech; if (m->gm_pseudo_random == NULL) return GSS_S_UNAVAILABLE; diff --git a/lib/libgssapi/gss_verify_mic.c b/lib/libgssapi/gss_verify_mic.c index fa3d68d035fe..704d7fcc2c78 100644 --- a/lib/libgssapi/gss_verify_mic.c +++ b/lib/libgssapi/gss_verify_mic.c @@ -39,7 +39,7 @@ gss_verify_mic(OM_uint32 *minor_status, gss_qop_t *qop_state) { struct _gss_context *ctx = (struct _gss_context *) context_handle; - struct _gss_mech_switch *m = ctx->gc_mech; + struct _gss_mech_switch *m; if (qop_state) *qop_state = 0; @@ -47,6 +47,7 @@ gss_verify_mic(OM_uint32 *minor_status, *minor_status = 0; return (GSS_S_NO_CONTEXT); } + m = ctx->gc_mech; return (m->gm_verify_mic(minor_status, ctx->gc_ctx, message_buffer, token_buffer, qop_state)); diff --git a/lib/libgssapi/gss_wrap.c b/lib/libgssapi/gss_wrap.c index 2f9431694a5f..1cf046ab86b6 100644 --- a/lib/libgssapi/gss_wrap.c +++ b/lib/libgssapi/gss_wrap.c @@ -42,7 +42,7 @@ gss_wrap(OM_uint32 *minor_status, gss_buffer_t output_message_buffer) { struct _gss_context *ctx = (struct _gss_context *) context_handle; - struct _gss_mech_switch *m = ctx->gc_mech; + struct _gss_mech_switch *m; if (conf_state) *conf_state = 0; @@ -51,6 +51,7 @@ gss_wrap(OM_uint32 *minor_status, *minor_status = 0; return (GSS_S_NO_CONTEXT); } + m = ctx->gc_mech; return (m->gm_wrap(minor_status, ctx->gc_ctx, conf_req_flag, qop_req, input_message_buffer, diff --git a/lib/libgssapi/gss_wrap_size_limit.c b/lib/libgssapi/gss_wrap_size_limit.c index 15a870676da4..7038a576e7c2 100644 --- a/lib/libgssapi/gss_wrap_size_limit.c +++ b/lib/libgssapi/gss_wrap_size_limit.c @@ -40,13 +40,14 @@ gss_wrap_size_limit(OM_uint32 *minor_status, OM_uint32 *max_input_size) { struct _gss_context *ctx = (struct _gss_context *) context_handle; - struct _gss_mech_switch *m = ctx->gc_mech; + struct _gss_mech_switch *m; *max_input_size = 0; if (ctx == NULL) { *minor_status = 0; return (GSS_S_NO_CONTEXT); } + m = ctx->gc_mech; return (m->gm_wrap_size_limit(minor_status, ctx->gc_ctx, conf_req_flag, qop_req, req_output_size, max_input_size));