s4: auth: gensec: asn1 fixes - check all returns.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>

diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 237a2633c927ffd7c8efa7670bc4e1af151486a3..c34c43425e48e53174629ac1590e3ff2568a74d0 100644 (file)
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -403,30 +403,31 @@ static NTSTATUS gensec_fake_gssapi_krb5_client_start(struct gensec_security *gen
 static DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *ticket, const uint8_t tok_id[2])
 {
        struct asn1_data *data;
-       DATA_BLOB ret;
+       DATA_BLOB ret = data_blob_null;
 
        data = asn1_init(mem_ctx);
        if (!data || !ticket->data) {
-               return data_blob(NULL,0);
+               return ret;
        }
 
-       asn1_push_tag(data, ASN1_APPLICATION(0));
-       asn1_write_OID(data, GENSEC_OID_KERBEROS5);
+       if (!asn1_push_tag(data, ASN1_APPLICATION(0))) goto err;
+       if (!asn1_write_OID(data, GENSEC_OID_KERBEROS5)) goto err;
 
-       asn1_write(data, tok_id, 2);
-       asn1_write(data, ticket->data, ticket->length);
-       asn1_pop_tag(data);
+       if (!asn1_write(data, tok_id, 2)) goto err;
+       if (!asn1_write(data, ticket->data, ticket->length)) goto err;
+       if (!asn1_pop_tag(data)) goto err;
 
-       if (data->has_error) {
-               DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs));
-               asn1_free(data);
-               return data_blob(NULL,0);
-       }
 
        ret = data_blob_talloc(mem_ctx, data->data, data->length);
        asn1_free(data);
 
        return ret;
+
+  err:
+
+       DEBUG(1,("Failed to build krb5 wrapper at offset %d\n", (int)data->ofs));
+       asn1_free(data);
+       return ret;
 }
 
 /*
@@ -434,7 +435,7 @@ static DATA_BLOB gensec_gssapi_gen_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLO
 */
 static bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob, DATA_BLOB *ticket, uint8_t tok_id[2])
 {
-       bool ret;
+       bool ret = false;
        struct asn1_data *data = asn1_init(mem_ctx);
        int data_remaining;
 
@@ -442,25 +443,27 @@ static bool gensec_gssapi_parse_krb5_wrap(TALLOC_CTX *mem_ctx, const DATA_BLOB *
                return false;
        }
 
-       asn1_load(data, *blob);
-       asn1_start_tag(data, ASN1_APPLICATION(0));
-       asn1_check_OID(data, GENSEC_OID_KERBEROS5);
+       if (!asn1_load(data, *blob)) goto err;
+       if (!asn1_start_tag(data, ASN1_APPLICATION(0))) goto err;
+       if (!asn1_check_OID(data, GENSEC_OID_KERBEROS5)) goto err;
 
        data_remaining = asn1_tag_remaining(data);
 
        if (data_remaining < 3) {
                data->has_error = true;
        } else {
-               asn1_read(data, tok_id, 2);
+               if (!asn1_read(data, tok_id, 2)) goto err;
                data_remaining -= 2;
                *ticket = data_blob_talloc(mem_ctx, NULL, data_remaining);
-               asn1_read(data, ticket->data, ticket->length);
+               if (!asn1_read(data, ticket->data, ticket->length)) goto err;
        }
 
-       asn1_end_tag(data);
+       if (!asn1_end_tag(data)) goto err;
 
        ret = !data->has_error;
 
+  err:
+
        asn1_free(data);
 
        return ret;