diff options
Diffstat (limited to 'contrib/bind9/lib/dns/gssapictx.c')
| -rw-r--r-- | contrib/bind9/lib/dns/gssapictx.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/contrib/bind9/lib/dns/gssapictx.c b/contrib/bind9/lib/dns/gssapictx.c index 24f4b9c..ee5be56 100644 --- a/contrib/bind9/lib/dns/gssapictx.c +++ b/contrib/bind9/lib/dns/gssapictx.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2000, 2001 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: gssapictx.c,v 1.26.12.2 2011-04-07 23:05:01 marka Exp $ */ +/* $Id$ */ #include <config.h> @@ -135,6 +135,7 @@ name_to_gbuffer(dns_name_t *name, isc_buffer_t *buffer, } result = dns_name_toprincipal(namep, buffer); + RUNTIME_CHECK(result == ISC_R_SUCCESS); isc_buffer_putuint8(buffer, 0); isc_buffer_usedregion(buffer, &r); REGION_TO_GBUFFER(r, *gbuffer); @@ -309,7 +310,7 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate, if (gret != GSS_S_COMPLETE) { gss_log(3, "failed to acquire %s credentials for %s: %s", initiate ? "initiate" : "accept", - (char *)gnamebuf.value, + (gname != NULL) ? (char *)gnamebuf.value : "?", gss_error_tostring(gret, minor, buf, sizeof(buf))); check_config((char *)array); return (ISC_R_FAILURE); @@ -317,12 +318,14 @@ dst_gssapi_acquirecred(dns_name_t *name, isc_boolean_t initiate, gss_log(4, "acquired %s credentials for %s", initiate ? "initiate" : "accept", - (char *)gnamebuf.value); + (gname != NULL) ? (char *)gnamebuf.value : "?"); log_cred(*cred); return (ISC_R_SUCCESS); #else + REQUIRE(cred != NULL && *cred == NULL); + UNUSED(name); UNUSED(initiate); UNUSED(cred); @@ -342,13 +345,15 @@ dst_gssapi_identitymatchesrealmkrb5(dns_name_t *signer, dns_name_t *name, char *sname; char *rname; isc_buffer_t buffer; + isc_result_t result; /* * It is far, far easier to write the names we are looking at into * a string, and do string operations on them. */ isc_buffer_init(&buffer, sbuf, sizeof(sbuf)); - dns_name_toprincipal(signer, &buffer); + result = dns_name_toprincipal(signer, &buffer); + RUNTIME_CHECK(result == ISC_R_SUCCESS); isc_buffer_putuint8(&buffer, 0); if (name != NULL) dns_name_format(name, nbuf, sizeof(nbuf)); @@ -414,13 +419,15 @@ dst_gssapi_identitymatchesrealmms(dns_name_t *signer, dns_name_t *name, char *nname; char *rname; isc_buffer_t buffer; + isc_result_t result; /* * It is far, far easier to write the names we are looking at into * a string, and do string operations on them. */ isc_buffer_init(&buffer, sbuf, sizeof(sbuf)); - dns_name_toprincipal(signer, &buffer); + result = dns_name_toprincipal(signer, &buffer); + RUNTIME_CHECK(result == ISC_R_SUCCESS); isc_buffer_putuint8(&buffer, 0); if (name != NULL) dns_name_format(name, nbuf, sizeof(nbuf)); @@ -664,8 +671,7 @@ dst_gssapi_acceptctx(gss_cred_id_t cred, gss_log(3, "failed " "gsskrb5_register_acceptor_identity(%s): %s", gssapi_keytab, - gss_error_tostring(gret, minor, - buf, sizeof(buf))); + gss_error_tostring(gret, 0, buf, sizeof(buf))); return (DNS_R_INVALIDTKEY); } #else |
