author | Jeremy Allison <jra@samba.org> | 2014-09-19 15:16:38 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2014-09-26 00:51:16 +0200 |
commit | e6cf99c9d9160ed2f5921b2b3169a374a21242dc (patch) | |
tree | 344e881ae52b8e260ec995f7399680cf3831615a | |
parent | a2f779fd5f7209010426472858929fb75ae13564 (diff) | |
download | samba-e6cf99c9d9160ed2f5921b2b3169a374a21242dc.tar.gz |
s4: auth: gensec: asn1 fixes - check all returns.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
-rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 41 |
1 files changed, 22 insertions, 19 deletions
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 237a2633c92..c34c43425e4 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -403,30 +403,31 @@ static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gen
 static DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2])
 {
 struct asn1_data *data;
- DATA_BLOB ret;
+ DATA_BLOB ret = data_blob_null;
 data = asn1_init(mem_ctx);
 if (!data || !ticket->data) {
- return data_blob(NULL,0);
+ return ret;
 }
- asn1_push_tag(data, ASN1_APPLICATION(0));
- asn1_write_OID(data, GENSEC_OID_KERBEROS5);
+ if (!asn1_push_tag(data, ASN1_APPLICATION(0))) goto err;
+ if (!asn1_write_OID(data, GENSEC_OID_KERBEROS5)) goto err;
- asn1_write(data, tok_id, 2);
- asn1_write(data, ticket->data, ticket->length);
- asn1_pop_tag(data);
+ if (!asn1_write(data, tok_id, 2)) goto err;
+ if (!asn1_write(data, ticket->data, ticket->length)) goto err;
+ if (!asn1_pop_tag(data)) goto err;
- if (data->has_error) {
- DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs));
- asn1_free(data);
- return data_blob(NULL,0);
- }
 ret = data_blob_talloc(mem_ctx, data->data, data->length);
 asn1_free(data);
 return ret;
+
+ err:
+
+ DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs));
+ asn1_free(data);
+ return ret;
 }
 /*
@@ -434,7 +435,7 @@ static DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLO
 */
 static bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2])
 {
- bool ret;
+ bool ret = false;
 struct asn1_data *data = asn1_init(mem_ctx);
 int data_remaining;
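Review bot: In gensec_gssapi_gen_krb5_wrap the early return for `!data || !ticket->data` still leaves the asn1 context unfreed when asn1_init() succeeded and only the ticket is empty, whereas the new `err:` path does call asn1_free(data). Testing the ticket first, `if (!ticket->data) return ret;` placed ahead of `data = asn1_init(mem_ctx);`, would pair every exit after a successful init with a free. Separately, the result of data_blob_talloc() is returned unchecked, so an allocation failure and an encoding failure both come back as an empty blob and only the latter is logged. A short comment above the function stating that an empty blob means failure would make that contract explicit for callers.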
@@ -442,25 +443,27 @@ static bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *
 return false;
 }
- asn1_load(data, *blob);
- asn1_start_tag(data, ASN1_APPLICATION(0));
- asn1_check_OID(data, GENSEC_OID_KERBEROS5);
+ if (!asn1_load(data, *blob)) goto err;
+ if (!asn1_start_tag(data, ASN1_APPLICATION(0))) goto err;
+ if (!asn1_check_OID(data, GENSEC_OID_KERBEROS5)) goto err;
 data_remaining = asn1_tag_remaining(data);
 if (data_remaining < 3) {
 data->has_error = true;
 } else {
- asn1_read(data, tok_id, 2);
+ if (!asn1_read(data, tok_id, 2)) goto err;
 data_remaining -= 2;
 *ticket = data_blob_talloc(mem_ctx, NULL, data_remaining);
- asn1_read(data, ticket->data, ticket->length);
+ if (!asn1_read(data, ticket->data, ticket->length)) goto err;
 }
- asn1_end_tag(data);
+ if (!asn1_end_tag(data)) goto err;
 ret = !data->has_error;
+ err:
+
 asn1_free(data);
 return ret; |
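Review bot: The new `goto err` exits in gensec_gssapi_parse_krb5_wrap can return false after `*ticket` has already been assigned, and the data_blob_talloc() result feeding the second asn1_read() is still unchecked. Adding `if (ticket->data == NULL) goto err;` right after the allocation is safe because data_remaining is at least 1 at that point, so a NULL pointer can only mean allocation failure. On a failed second read the blob could be released before leaving, e.g. `if (!asn1_read(data, ticket->data, ticket->length)) { data_blob_free(ticket); goto err; }`, so a caller that mishandles the return value never sees a partly filled ticket parsed from a peer-supplied token; the same applies if asn1_end_tag() fails afterwards. The `data_remaining < 3` branch still sets `data->has_error` by hand and presumably relies on asn1_end_tag() failing, where a direct `goto err;` would match the rest of the change. The function's signature is in the previous hunk and its closing brace lies outside this one.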