s4:heimdal: import lorikeet-heimdal-201107150856 (commit 48936803fae4a2fb362c79365d31...

[samba.git] / source4 / heimdal / lib / krb5 / rd_req.c

diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index 25aa8674c72bf149a88c12d783bd28b61b9edf90..21daeb596b55dbc924266a08ad21cda65f12bff9 100644 (file)
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -59,7 +59,7 @@ decrypt_tkt_enc_part (krb5_context context,
 
     ret = decode_EncTicketPart(plain.data, plain.length, decr_part, &len);
     if (ret)
-        krb5_set_error_message(context, ret, 
+        krb5_set_error_message(context, ret,
                               N_("Failed to decode encrypted "
                                  "ticket part", ""));
     krb5_data_free (&plain);
@@ -135,9 +135,9 @@ static krb5_error_code
 check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
 {
     char **realms;
-    unsigned int num_realms;
+    unsigned int num_realms, n;
     krb5_error_code ret;
-       
+
     /*
      * Windows 2000 and 2003 uses this inside their TGT so it's normaly
      * not seen by others, however, samba4 joined with a Windows AD as
@@ -161,6 +161,8 @@ check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
     ret = krb5_check_transited(context, enc->crealm,
                               ticket->realm,
                               realms, num_realms, NULL);
+    for (n = 0; n < num_realms; n++)
+       free(realms[n]);
     free(realms);
     return ret;
 }
@@ -175,7 +177,7 @@ find_etypelist(krb5_context context,
     krb5_authdata adIfRelevant;
     unsigned i;
 
-    adIfRelevant.len = 0;
+    memset(&adIfRelevant, 0, sizeof(adIfRelevant));
 
     etypes->len = 0;
     etypes->val = NULL;
@@ -250,7 +252,7 @@ krb5_decrypt_ticket(krb5_context context,
            krb5_clear_error_message (context);
            return KRB5KRB_AP_ERR_TKT_EXPIRED;
        }
-       
+
        if(!t.flags.transited_policy_checked) {
            ret = check_transited(context, ticket, &t);
            if(ret) {
@@ -402,7 +404,7 @@ krb5_verify_ap_req2(krb5_context context,
     {
        krb5_principal p1, p2;
        krb5_boolean res;
-       
+
        _krb5_principalname2krb5_principal(context,
                                           &p1,
                                           ac->authenticator->cname,
@@ -466,7 +468,7 @@ krb5_verify_ap_req2(krb5_context context,
     ac->keytype = ETYPE_NULL;
 
     if (etypes.val) {
-       int i;
+       size_t i;
 
        for (i = 0; i < etypes.len; i++) {
            if (krb5_enctype_valid(context, etypes.val[i]) == 0) {
@@ -508,7 +510,7 @@ krb5_verify_ap_req2(krb5_context context,
        krb5_auth_con_free (context, ac);
     return ret;
 }
-               
+
 /*
  *
  */
@@ -949,7 +951,7 @@ krb5_rd_req_ctx(krb5_context context,
                                  &o->ap_req_options,
                                  &o->ticket,
                                  KRB5_KU_AP_REQ_AUTH);
-       
+
        if (ret)
            goto out;
 
@@ -972,7 +974,7 @@ krb5_rd_req_ctx(krb5_context context,
            goto out;
 
        done = 0;
-       while (!done) { 
+       while (!done) {
            krb5_principal p;
 
            ret = krb5_kt_next_entry(context, id, &entry, &cursor);
@@ -1007,14 +1009,14 @@ krb5_rd_req_ctx(krb5_context context,
             * and update the service principal in the ticket to match
             * whatever is in the keytab.
             */
-           
-           ret = krb5_copy_keyblock(context, 
+
+           ret = krb5_copy_keyblock(context,
                                     &entry.keyblock,
                                     &o->keyblock);
            if (ret) {
                krb5_kt_free_entry (context, &entry);
                goto out;
-           }       
+           }
 
            ret = krb5_copy_principal(context, entry.principal, &p);
            if (ret) {
@@ -1023,7 +1025,7 @@ krb5_rd_req_ctx(krb5_context context,
            }
            krb5_free_principal(context, o->ticket->server);
            o->ticket->server = p;
-           
+
            krb5_kt_free_entry (context, &entry);
 
            done = 1;
@@ -1045,7 +1047,7 @@ krb5_rd_req_ctx(krb5_context context,
            krb5_data_free(&data);
            if (ret)
                goto out;
-       
+
            ret = krb5_pac_verify(context,
                                  pac,
                                  o->ticket->ticket.authtime,