Fix issues found by Coverity.

tickets 1166, 1167, 1168, 1169

daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c

@@ -155,7 +155,7 @@ ipa_join(Slapi_PBlock *pb)
         errMesg = "Kerberos realm is not set.\n";
         LOG_FATAL("%s", errMesg);
         rc = LDAP_OPERATIONS_ERROR;
-        goto done;
+        goto free_and_return;
     }
 
     /* Get Bind DN */
@@ -234,7 +234,11 @@ ipa_join(Slapi_PBlock *pb)
      */
 
     is_root = slapi_dn_isroot(bindDN);
-    slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root);
+    if (slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root)) {
+        LOG_FATAL("slapi_pblock_set failed!\n");
+        rc = LDAP_OPERATIONS_ERROR;
+        goto free_and_return;
+    }
 
     /* In order to perform the access control check,
      * we need to select a backend (even though
@@ -242,7 +246,11 @@ ipa_join(Slapi_PBlock *pb)
      */
     sdn = slapi_sdn_new_dn_byval(bindDN);
     be = slapi_be_select(sdn);
-    slapi_pblock_set(pb, SLAPI_BACKEND, be);
+    if (slapi_pblock_set(pb, SLAPI_BACKEND, be)) {
+        LOG_FATAL("slapi_pblock_set failed!\n");
+        rc = LDAP_OPERATIONS_ERROR;
+        goto free_and_return;
+    }
 
     /* Access Strategy:
      * If the user has WRITE-ONLY access, a new keytab is set on the entry.

daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c

@@ -265,7 +265,11 @@ parse_req_done:
                           "using the bind DN instead.\n");
 	 }
 
-	 slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn );
+	 if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) {
+		LOG_FATAL("slapi_pblock_set failed!\n");
+		rc = LDAP_OPERATIONS_ERROR;
+		goto free_and_return;
+	 }
 
 	 /* Now we have the DN, look for the entry */
 	 ret = ipapwd_getEntry(dn, &targetEntry, attrlist);
@@ -292,7 +296,11 @@ parse_req_done:
 	  */
 
 	is_root = slapi_dn_isroot(bindDN);
-	slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root);
+	if (slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root)) {
+		LOG_FATAL("slapi_pblock_set failed!\n");
+		rc = LDAP_OPERATIONS_ERROR;
+		goto free_and_return;
+	}
 
 	/* In order to perform the access control check, we need to select a
 	 * backend (even though we don't actually need it otherwise).
@@ -306,7 +314,11 @@ parse_req_done:
 			rc = LDAP_OPERATIONS_ERROR;
 			goto free_and_return;
 		}
-		slapi_pblock_set(pb, SLAPI_BACKEND, be);
+		if (slapi_pblock_set(pb, SLAPI_BACKEND, be)) {
+			LOG_FATAL("slapi_pblock_set failed!\n");
+			rc = LDAP_OPERATIONS_ERROR;
+			goto free_and_return;
+		}
 	}
 
 	ret = slapi_access_allowed( pb, targetEntry, "krbPrincipalKey", NULL, SLAPI_ACL_WRITE );
@@ -613,13 +625,21 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
 	 */
 
 	is_root = slapi_dn_isroot(bindDN);
-	slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root);
+	if (slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root)) {
+		LOG_FATAL("slapi_pblock_set failed!\n");
+		rc = LDAP_OPERATIONS_ERROR;
+		goto free_and_return;
+	}
 
 	/* In order to perform the access control check,
 	 * we need to select a backend (even though
 	 * we don't actually need it otherwise).
 	 */
-	slapi_pblock_set(pb, SLAPI_BACKEND, be);
+	if (slapi_pblock_set(pb, SLAPI_BACKEND, be)) {
+		LOG_FATAL("slapi_pblock_set failed!\n");
+		rc = LDAP_OPERATIONS_ERROR;
+		goto free_and_return;
+	}
 
 	/* Access Strategy:
 	 * If the user has WRITE-ONLY access, a new keytab is set on the entry.

daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c

@@ -766,7 +766,10 @@ done:
     /* put back a, possibly modified, set of mods */
     if (smods) {
         mods = slapi_mods_get_ldapmods_passout(smods);
-        slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods);
+        if (slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods)) {
+            LOG_FATAL("slapi_pblock_set failed!\n");
+            rc = LDAP_OPERATIONS_ERROR;
+        }
         slapi_mods_free(&smods);
     }
 

daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c

@@ -1111,8 +1111,14 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
                     slapi_entry_set_sdn(e, sdn);
 
                     /* reset the target DN since we've changed it. */
-                    slapi_pblock_set(pb, SLAPI_ADD_TARGET,
-                                         (char*)slapi_sdn_get_ndn(slapi_entry_get_sdn_const(e)));
+                    if (slapi_pblock_set(pb, SLAPI_ADD_TARGET,
+                                             (char*)slapi_sdn_get_ndn(slapi_entry_get_sdn_const(e)))) {
+                        LOG_FATAL("slapi_block_set failed!\n");
+                        ret = LDAP_OPERATIONS_ERROR;
+                        slapi_rdn_free(&rdn);
+                        slapi_sdn_free(&sdn);
+                        goto done;
+                    }
                 }
                 slapi_rdn_free(&rdn);
                 slapi_sdn_free(&sdn);
@@ -1164,7 +1170,10 @@ done:
     if (smods != NULL) {
         /* Put the updated mods back into place. */
         mods = slapi_mods_get_ldapmods_passout(smods);
-        slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods);
+        if (slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods)) {
+            LOG_FATAL("slapi_pblock_set failed!\n");
+            ret = LDAP_OPERATIONS_ERROR;
+        }
         slapi_mods_free(&smods);
     }
 

ipa-client/config.c

@@ -64,6 +64,10 @@ read_config_file(const char *filename)
     }
     left = st.st_size;
     data = malloc(st.st_size + 1);
+    if (data == NULL) {
+        fprintf(stderr, _("out of memory\n"));
+        return NULL;
+    }
     dest = data;
     while (left != 0) {
         ssize_t res;

ipa-client/ipa-join.c

@@ -139,6 +139,10 @@ callRPC(xmlrpc_env *            const envP,
     XMLRPC_ASSERT(xmlrpc_value_type(paramArrayP) == XMLRPC_TYPE_ARRAY);
 
     curlXportParmsP = malloc(sizeof(*curlXportParmsP));
+    if (curlXportParmsP == NULL) {
+        xmlrpc_env_set_fault(envP, XMLRPC_INTERNAL_ERROR, _("Out of memory!"));
+        return;
+    }
     memset(curlXportParmsP, 0, sizeof(*curlXportParmsP));
 
     /* Have curl do SSL certificate validation */