Misc fixes (coverity)

kcm/acquire.c

@@ -50,6 +50,7 @@ kcm_ccache_acquire(krb5_context context,
     char *in_tkt_service = NULL;
     const char *estr;
 
+    *credp = NULL;
     memset(&cred, 0, sizeof(cred));
 
     KCM_ASSERT_VALID(ccache);
@@ -82,7 +83,7 @@ kcm_ccache_acquire(krb5_context context,
 	    kcm_log(0, "Failed to unparse service principal name for cache %s: %s",
 		    ccache->name, estr);
 	    krb5_free_error_message(context, estr);
-	    return ret;
+	    goto out;
 	}
     }
 
@@ -121,14 +122,9 @@ kcm_ccache_acquire(krb5_context context,
 	kcm_log(0, "Failed to acquire credentials for cache %s: %s",
 		ccache->name, estr);
 	krb5_free_error_message(context, estr);
-	if (in_tkt_service != NULL)
-	    free(in_tkt_service);
 	goto out;
     }
 
-    if (in_tkt_service != NULL)
-	free(in_tkt_service);
-
     /* Swap them in */
     kcm_ccache_remove_creds_internal(context, ccache);
 
@@ -143,6 +139,7 @@ kcm_ccache_acquire(krb5_context context,
     }
 
 out:
+    free(in_tkt_service);
     if (opt)
 	krb5_get_init_creds_opt_free(context, opt);
 

kcm/protocol.c

@@ -1137,17 +1137,19 @@ kcm_op_set_default_cache(krb5_context context,
     }
     if (c == NULL) {
 	c = malloc(sizeof(*c));
-	if (c == NULL)
+	if (c == NULL) {
+            free(name);
 	    return ENOMEM;
+        }
 	c->session = client->session;
 	c->uid = client->uid;
-	c->name = strdup(name);
+	c->name = name;
 
 	c->next = default_caches;
 	default_caches = c;
     } else {
 	free(c->name);
-	c->name = strdup(name);
+	c->name = name;
     }
 
     return 0;

kpasswd/kpasswd-generator.c

@@ -36,24 +36,24 @@
 RCSID("$Id$");
 
 static unsigned
-read_words (const char *filename, char ***ret_w)
+read_words(const char *filename, char ***ret_w)
 {
     unsigned n, alloc;
     FILE *f;
     char buf[256];
     char **w = NULL;
 
-    f = fopen (filename, "r");
+    f = fopen(filename, "r");
     if (f == NULL)
-	err (1, "cannot open %s", filename);
+	err(1, "cannot open %s", filename);
     alloc = n = 0;
-    while (fgets (buf, sizeof(buf), f) != NULL) {
+    while (fgets(buf, sizeof(buf), f) != NULL) {
 	buf[strcspn(buf, "\r\n")] = '\0';
 	if (n >= alloc) {
 	    alloc += 16;
-	    w = erealloc (w, alloc * sizeof(char *));
+	    w = erealloc(w, alloc * sizeof(char *));
 	}
-	w[n++] = estrdup (buf);
+	w[n++] = estrdup(buf);
     }
     *ret_w = w;
     if (n == 0)
@@ -63,30 +63,30 @@ read_words (const char *filename, char ***ret_w)
 }
 
 static int
-nop_prompter (krb5_context context,
-	      void *data,
-	      const char *name,
-	      const char *banner,
-	      int num_prompts,
-	      krb5_prompt prompts[])
+nop_prompter(krb5_context context,
+	     void *data,
+	     const char *name,
+	     const char *banner,
+	     int num_prompts,
+	     krb5_prompt prompts[])
 {
     return 0;
 }
 
 static void
-generate_requests (const char *filename, unsigned nreq)
+generate_requests(const char *filename, unsigned nreq)
 {
     krb5_context context;
     krb5_error_code ret;
     int i;
     char **words;
-    unsigned nwords;
+    unsigned nwords, k;
 
-    ret = krb5_init_context (&context);
+    ret = krb5_init_context(&context);
     if (ret)
 	errx (1, "krb5_init_context failed: %d", ret);
 
-    nwords = read_words (filename, &words);
+    nwords = read_words(filename, &words);
 
     for (i = 0; i < nreq; ++i) {
 	char *name = words[rand() % nwords];
@@ -98,70 +98,74 @@ generate_requests (const char *filename, unsigned nreq)
 	char *old_pwd, *new_pwd;
 	int aret;
 
-	krb5_get_init_creds_opt_alloc (context, &opt);
+	krb5_get_init_creds_opt_alloc(context, &opt);
 	krb5_get_init_creds_opt_set_tkt_life (opt, 300);
 	krb5_get_init_creds_opt_set_forwardable (opt, FALSE);
 	krb5_get_init_creds_opt_set_proxiable (opt, FALSE);
 
-	ret = krb5_parse_name (context, name, &principal);
+	ret = krb5_parse_name(context, name, &principal);
 	if (ret)
-	    krb5_err (context, 1, ret, "krb5_parse_name %s", name);
+	    krb5_err(context, 1, ret, "krb5_parse_name %s", name);
 
-	aret = asprintf (&old_pwd, "%s", name);
+	aret = asprintf(&old_pwd, "%s", name);
 	if (aret == -1)
 	    krb5_errx(context, 1, "out of memory");
-	aret = asprintf (&new_pwd, "%s2", name);
+	aret = asprintf(&new_pwd, "%s2", name);
 	if (aret == -1)
 	    krb5_errx(context, 1, "out of memory");
 
-	ret = krb5_get_init_creds_password (context,
-					    &cred,
-					    principal,
-					    old_pwd,
-					    nop_prompter,
-					    NULL,
-					    0,
-					    "kadmin/changepw",
-					    opt);
-	if( ret == KRB5KRB_AP_ERR_BAD_INTEGRITY
+	ret = krb5_get_init_creds_password(context,
+					   &cred,
+					   principal,
+					   old_pwd,
+					   nop_prompter,
+					   NULL,
+					   0,
+					   "kadmin/changepw",
+					   opt);
+	if (ret == KRB5KRB_AP_ERR_BAD_INTEGRITY
 	    || ret == KRB5KRB_AP_ERR_MODIFIED) {
 	    char *tmp;
 
 	    tmp = new_pwd;
 	    new_pwd = old_pwd;
 	    old_pwd = tmp;
 
-	    ret = krb5_get_init_creds_password (context,
-						&cred,
-						principal,
-						old_pwd,
-						nop_prompter,
-						NULL,
-						0,
-						"kadmin/changepw",
-						opt);
+            ret = krb5_get_init_creds_password(context,
+                                               &cred,
+                                               principal,
+                                               old_pwd,
+                                               nop_prompter,
+                                               NULL,
+                                               0,
+                                               "kadmin/changepw",
+                                               opt);
 	}
 	if (ret)
-	    krb5_err (context, 1, ret, "krb5_get_init_creds_password");
+	    krb5_err(context, 1, ret, "krb5_get_init_creds_password");
 
-	krb5_free_principal (context, principal);
+	krb5_free_principal(context, principal);
 
 
-	ret = krb5_set_password (context,
-				 &cred,
-				 new_pwd,
-				 NULL,
-				 &result_code,
-				 &result_code_string,
-				 &result_string);
+        ret = krb5_set_password(context,
+                                &cred,
+                                new_pwd,
+                                NULL,
+                                &result_code,
+                                &result_code_string,
+                                &result_string);
 	if (ret)
-	    krb5_err (context, 1, ret, "krb5_change_password");
+	    krb5_err(context, 1, ret, "krb5_change_password");
 
-	free (old_pwd);
-	free (new_pwd);
-	krb5_free_cred_contents (context, &cred);
+	free(old_pwd);
+	free(new_pwd);
+	krb5_free_cred_contents(context, &cred);
 	krb5_get_init_creds_opt_free(context, opt);
     }
+
+    for (k = 0; k < nwords; k++)
+        free(words[k]);
+    free(words);
 }
 
 static int version_flag	= 0;
@@ -173,12 +177,12 @@ static struct getargs args[] = {
 };
 
 static void
-usage (int ret)
+usage(int ret)
 {
-    arg_printusage (args,
-		    sizeof(args)/sizeof(*args),
-		    NULL,
-		    "file [number]");
+    arg_printusage(args,
+		   sizeof(args)/sizeof(*args),
+		   NULL,
+		   "file [number]");
     exit (ret);
 }
 
@@ -204,9 +208,9 @@ main(int argc, char **argv)
     if (argc != 2)
 	usage (1);
     srand (0);
-    nreq = strtol (argv[1], &end, 0);
+    nreq = strtol(argv[1], &end, 0);
     if (argv[1] == end || *end != '\0')
 	usage (1);
-    generate_requests (argv[0], nreq);
+    generate_requests(argv[0], nreq);
     return 0;
 }

lib/hx509/ks_file.c

@@ -96,9 +96,10 @@ try_decrypt(hx509_context context,
 			 password, passwordlen,
 			 1, key, NULL);
     if (ret <= 0) {
-	hx509_set_error_string(context, 0, HX509_CRYPTO_INTERNAL_ERROR,
+	ret = HX509_CRYPTO_INTERNAL_ERROR;
+	hx509_set_error_string(context, 0, ret,
 			       "Failed to do string2key for private key");
-	return HX509_CRYPTO_INTERNAL_ERROR;
+        goto out;
     }
 
     clear.data = malloc(len);

lib/hx509/softp11.c

@@ -543,6 +543,8 @@ add_cert(hx509_context hxctx, void *ctx, hx509_cert cert)
 	CK_FLAGS flags;
 
 	type = CKO_PRIVATE_KEY;
+
+        /* Note to static analyzers: `o' is still referred to via globals */
 	o = add_st_object();
 	if (o == NULL) {
 	    ret = CKR_DEVICE_MEMORY;
@@ -593,6 +595,7 @@ add_cert(hx509_context hxctx, void *ctx, hx509_cert cert)
     hx509_xfree(issuer_data.data);
     hx509_xfree(subject_data.data);
 
+    /* Note to static analyzers: `o' is still referred to via globals */
     return 0;
 }
 

lib/kadm5/init_c.c

@@ -588,16 +588,18 @@ kadm5_c_init_with_context(krb5_context context,
     krb5_ccache cc;
 
     ret = _kadm5_c_init_context(&ctx, realm_params, context);
-    if(ret)
+    if (ret)
 	return ret;
 
-    if(password != NULL && *password != '\0') {
+    if (password != NULL && *password != '\0') {
 	ret = _kadm5_c_get_cred_cache(context,
 				      client_name,
 				      service_name,
 				      password, prompter, keytab, ccache, &cc);
-	if(ret)
-	    return ret; /* XXX */
+	if (ret) {
+            kadm5_c_destroy(ctx);
+	    return ret;
+        }
 	ccache = cc;
     }
 

lib/krb5/auth_context.c

@@ -292,9 +292,9 @@ copy_key(krb5_context context,
 	 krb5_keyblock *in,
 	 krb5_keyblock **out)
 {
-    if(in)
+    *out = NULL;
+    if (in)
 	return krb5_copy_keyblock(context, in, out);
-    *out = NULL; /* is this right? */
     return 0;
 }
 

lib/krb5/krbhst.c

@@ -592,8 +592,10 @@ add_plugin_host(struct krb5_krbhst_data *kd,
     hostlen = strlen(host);
 
     hi = calloc(1, sizeof(*hi) + hostlen);
-    if(hi == NULL)
+    if (hi == NULL) {
+        freeaddrinfo(ai);
 	return ENOMEM;
+    }
 
     hi->proto = proto;
     hi->port  = hi->def_port = portnum;

lib/krb5/pkinit.c

@@ -1133,8 +1133,10 @@ pk_rd_pa_reply_enckey(krb5_context context,
 
 	    ret = der_put_length_and_tag (ptr + ph - 1, ph, content.length,
 					  ASN1_C_UNIV, CONS, UT_Sequence, &l);
-	    if (ret)
+	    if (ret) {
+                free(ptr);
 		return ret;
+            }
 	    free(content.data);
 	    content.data = ptr;
 	    content.length += ph;