Avoid calling krb5_free_context(NULL)

Several places in the code currently call krb5_free_context(ctx) in a
cleanup code path, where 'ctx' may or may not be NULL. This is not
guaranteed to be okay, so check for NULL to make sure we don't cause
issues in these code paths.

While we are here cleaning up krb5_free_context() calls, also fix a
few call sites in afscp_util.c that were not calling krb5_free_context
in all error paths.

Reviewed-on: https://gerrit.openafs.org/13461
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
(cherry picked from commit 26b1dc036719a588a5cadecb14053bd4079c1f48)

Change-Id: I3b0d22f51f4fe85897116b7f96d096570258eed2
Reviewed-on: https://gerrit.openafs.org/13902
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>

diff --git a/src/aklog/aklog.c b/src/aklog/aklog.c
index 8d2ac3513d361456697419a7ace7204d5eff3c00..66b4dfe39f3f6af9b53b98c64d7332f24a8c1350 100644 (file)
--- a/src/aklog/aklog.c
+++ b/src/aklog/aklog.c
@@ -317,9 +317,10 @@ redirect_errors(const char *who, afs_int32 code, const char *fmt, va_list ap)
            krb5_svc_get_msg(code,&str);
 #elif defined(HAVE_KRB5_GET_ERROR_MESSAGE)
            krb5_context context;
-           krb5_init_context(&context);
-           str = krb5_get_error_message(context, code);
-           krb5_free_context(context);
+           if (krb5_init_context(&context) == 0) {
+                str = krb5_get_error_message(context, code);
+                krb5_free_context(context);
+            }
 #else
            ; /* IRIX apparently has neither: use the string we have */
 #endif

diff --git a/src/libafscp/afscp_util.c b/src/libafscp/afscp_util.c
index 47fcfcd567b58f9f1b1aeccfbf26c63f3bf48124..0e5a0e28c0140815c028c730e92816a9eb84413f 100644 (file)
--- a/src/libafscp/afscp_util.c
+++ b/src/libafscp/afscp_util.c
@@ -216,7 +216,7 @@ _GetSecurityObject(struct afscp_cell *cell)
 {
     int code = ENOENT;
 #ifdef HAVE_KERBEROS
-    krb5_context context;
+    krb5_context context = NULL;
     krb5_creds match;
     krb5_creds *cred;
     krb5_ccache cc;
@@ -286,7 +286,6 @@ _GetSecurityObject(struct afscp_cell *cell)
        krb5_free_cred_contents(context, &match);
        if (cc)
            krb5_cc_close(context, cc);
-       krb5_free_context(context);
        goto try_anon;
     }
 
@@ -303,7 +302,6 @@ _GetSecurityObject(struct afscp_cell *cell)
            krb5_free_cred_contents(context, &match);
            if (cc)
                krb5_cc_close(context, cc);
-           krb5_free_context(context);
            goto try_anon;
        }
     }
@@ -325,7 +323,10 @@ _GetSecurityObject(struct afscp_cell *cell)
     cell->scindex = 2;
     return 0;
 
-    try_anon:
+ try_anon:
+    if (context != NULL) {
+        krb5_free_context(context);
+    }
 #endif /* HAVE_KERBEROS */
     if (try_anonymous)
        return _GetNullSecurityObject(cell);

diff --git a/src/rxkad/ticket5.c b/src/rxkad/ticket5.c
index 3b4bafe45492a38a7d5d1174e83d63ce7dc5cd17..cc6777bba4e3c06cfaa624aeef8983a9c5981657 100644 (file)
--- a/src/rxkad/ticket5.c
+++ b/src/rxkad/ticket5.c
@@ -624,7 +624,9 @@ cleanup:
     if (cr != NULL)
        krb5_crypto_destroy(context, cr);
     krb5_free_keyblock_contents(context, &kb);
-    krb5_free_context(context);
+    if (context != NULL) {
+        krb5_free_context(context);
+    }
     rxi_Free(buf, allocsiz);
     if ((code & 0xFFFFFF00) == ERROR_TABLE_BASE_asn1)
        return RXKADINCONSISTENCY;