Unchecked return value in ipa-getkeytab

krb5_init_context return value was not checked. This could lead
to unhandled error issues.

This patch moves the Kerberos context initialization to the
branch where it is needed and handles the error value in a way
that allows program exit in a standard way deallocating all
resources.

https://fedorahosted.org/freeipa/ticket/721
Martin Kosek 2011-01-11 10:44:48 +01:00 committed by Rob Crittenden
parent e2d4e9477e
commit b739df4c11


@ -76,18 +76,31 @@ static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *priv_data, void *s
krb5_principal princ = (krb5_principal)priv_data;
krb5_context krbctx;
char *outname = NULL;
krb5_error_code krberr;
if (!ld) return LDAP_PARAM_ERROR;
krb5_init_context(&krbctx);
for (in = sit; in && in->id != SASL_CB_LIST_END; in++) {
switch(in->id) {
case SASL_CB_USER:
krberr = krb5_init_context(&krbctx);
if (krberr) {
fprintf(stderr, _("Kerberos context initialization failed\n"));
in->result = NULL;
in->len = 0;
ret = LDAP_LOCAL_ERROR;
break;
}
krb5_unparse_name(krbctx, princ, &outname);
in->result = outname;
in->len = strlen(outname);
ret = LDAP_SUCCESS;
krb5_free_context(krbctx);
break;
case SASL_CB_GETREALM:
in->result = princ->realm.data;
@ -100,7 +113,6 @@ static int ldap_sasl_interact(LDAP *ld, unsigned flags, void *priv_data, void *s
ret = LDAP_OTHER;
}
}
krb5_free_context(krbctx);
return ret;
}
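Review bot: The `krb5_unparse_name()` call in the `SASL_CB_USER` branch is still unchecked, so on failure `outname` stays NULL and the next line's `strlen(outname)` dereferences it. It should get the same handling the commit gives `krb5_init_context()`, and it must also release the context before leaving the case, because the function-end `krb5_free_context()` appears to be removed. Separately, the `break` in the new error path leaves only the `switch`, so a later entry in the `for` loop could overwrite `ret = LDAP_LOCAL_ERROR` with a success code. The remaining cases sit between the two hunks, so that needs confirming against the full function.

```c
case SASL_CB_USER:
    /* … unchanged: krb5_init_context() call and its error branch … */
    krberr = krb5_unparse_name(krbctx, princ, &outname);
    if (krberr) {
        fprintf(stderr, _("Unable to unparse principal name\n"));
        in->result = NULL;
        in->len = 0;
        ret = LDAP_LOCAL_ERROR;
        krb5_free_context(krbctx);
        break;
    }
    in->result = outname;
```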