security: simplify choose_mech
Coverity CID 1299424 identified dead code because of checks that could never equal true (if the mechanism's name was NULL). Simplified the function by removing a level of pointers and removing the loop and array that weren't used.
parent
fda0e74c22
commit
1514977bcd
|
@ -109,13 +109,6 @@ static char level_to_char(int level) {
|
||||||
return 'P';
|
return 'P';
|
||||||
}
|
}
|
||||||
|
|
||||||
static const struct Curl_sec_client_mech * const mechs[] = {
|
|
||||||
#ifdef HAVE_GSSAPI
|
|
||||||
&Curl_krb5_client_mech,
|
|
||||||
#endif
|
|
||||||
NULL
|
|
||||||
};
|
|
||||||
|
|
||||||
/* Send an FTP command defined by |message| and the optional arguments. The
|
/* Send an FTP command defined by |message| and the optional arguments. The
|
||||||
function returns the ftp_code. If an error occurs, -1 is returned. */
|
function returns the ftp_code. If an error occurs, -1 is returned. */
|
||||||
static int ftp_send_command(struct connectdata *conn, const char *message, ...)
|
static int ftp_send_command(struct connectdata *conn, const char *message, ...)
|
||||||
|
@ -484,36 +477,29 @@ static CURLcode choose_mech(struct connectdata *conn)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
struct SessionHandle *data = conn->data;
|
struct SessionHandle *data = conn->data;
|
||||||
const struct Curl_sec_client_mech * const *mech;
|
|
||||||
void *tmp_allocation;
|
void *tmp_allocation;
|
||||||
const char *mech_name;
|
const struct Curl_sec_client_mech *mech = &Curl_krb5_client_mech;
|
||||||
|
|
||||||
for(mech = mechs; (*mech); ++mech) {
|
do {
|
||||||
mech_name = (*mech)->name;
|
tmp_allocation = realloc(conn->app_data, mech->size);
|
||||||
/* We have no mechanism with a NULL name but keep this check */
|
|
||||||
DEBUGASSERT(mech_name != NULL);
|
|
||||||
if(mech_name == NULL) {
|
|
||||||
infof(data, "Skipping mechanism with empty name (%p)\n", (void *)mech);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
tmp_allocation = realloc(conn->app_data, (*mech)->size);
|
|
||||||
if(tmp_allocation == NULL) {
|
if(tmp_allocation == NULL) {
|
||||||
failf(data, "Failed realloc of size %u", (*mech)->size);
|
failf(data, "Failed realloc of size %u", mech->size);
|
||||||
mech = NULL;
|
mech = NULL;
|
||||||
return CURLE_OUT_OF_MEMORY;
|
return CURLE_OUT_OF_MEMORY;
|
||||||
}
|
}
|
||||||
conn->app_data = tmp_allocation;
|
conn->app_data = tmp_allocation;
|
||||||
|
|
||||||
if((*mech)->init) {
|
if(mech->init) {
|
||||||
ret = (*mech)->init(conn->app_data);
|
ret = mech->init(conn->app_data);
|
||||||
if(ret != 0) {
|
if(ret) {
|
||||||
infof(data, "Failed initialization for %s. Skipping it.\n", mech_name);
|
infof(data, "Failed initialization for %s. Skipping it.\n",
|
||||||
|
mech->name);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
infof(data, "Trying mechanism %s...\n", mech_name);
|
infof(data, "Trying mechanism %s...\n", mech->name);
|
||||||
ret = ftp_send_command(conn, "AUTH %s", mech_name);
|
ret = ftp_send_command(conn, "AUTH %s", mech->name);
|
||||||
if(ret < 0)
|
if(ret < 0)
|
||||||
/* FIXME: This error is too generic but it is OK for now. */
|
/* FIXME: This error is too generic but it is OK for now. */
|
||||||
return CURLE_COULDNT_CONNECT;
|
return CURLE_COULDNT_CONNECT;
|
||||||
|
@ -522,11 +508,11 @@ static CURLcode choose_mech(struct connectdata *conn)
|
||||||
switch(ret) {
|
switch(ret) {
|
||||||
case 504:
|
case 504:
|
||||||
infof(data, "Mechanism %s is not supported by the server (server "
|
infof(data, "Mechanism %s is not supported by the server (server "
|
||||||
"returned ftp code: 504).\n", mech_name);
|
"returned ftp code: 504).\n", mech->name);
|
||||||
break;
|
break;
|
||||||
case 534:
|
case 534:
|
||||||
infof(data, "Mechanism %s was rejected by the server (server returned "
|
infof(data, "Mechanism %s was rejected by the server (server returned "
|
||||||
"ftp code: 534).\n", mech_name);
|
"ftp code: 534).\n", mech->name);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
if(ret/100 == 5) {
|
if(ret/100 == 5) {
|
||||||
|
@ -539,7 +525,7 @@ static CURLcode choose_mech(struct connectdata *conn)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Authenticate */
|
/* Authenticate */
|
||||||
ret = (*mech)->auth(conn->app_data, conn);
|
ret = mech->auth(conn->app_data, conn);
|
||||||
|
|
||||||
if(ret == AUTH_CONTINUE)
|
if(ret == AUTH_CONTINUE)
|
||||||
continue;
|
continue;
|
||||||
|
@ -549,7 +535,7 @@ static CURLcode choose_mech(struct connectdata *conn)
|
||||||
}
|
}
|
||||||
DEBUGASSERT(ret == AUTH_OK);
|
DEBUGASSERT(ret == AUTH_OK);
|
||||||
|
|
||||||
conn->mech = *mech;
|
conn->mech = mech;
|
||||||
conn->sec_complete = 1;
|
conn->sec_complete = 1;
|
||||||
conn->recv[FIRSTSOCKET] = sec_recv;
|
conn->recv[FIRSTSOCKET] = sec_recv;
|
||||||
conn->send[FIRSTSOCKET] = sec_send;
|
conn->send[FIRSTSOCKET] = sec_send;
|
||||||
|
@ -559,10 +545,10 @@ static CURLcode choose_mech(struct connectdata *conn)
|
||||||
/* Set the requested protection level */
|
/* Set the requested protection level */
|
||||||
/* BLOCKING */
|
/* BLOCKING */
|
||||||
(void)sec_set_protection_level(conn);
|
(void)sec_set_protection_level(conn);
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
return *mech != NULL ? CURLE_OK : CURLE_FAILED_INIT;
|
} WHILE_FALSE;
|
||||||
|
|
||||||
|
return CURLE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
CURLcode
|
CURLcode
|
||||||
|
|
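Review bot: In the new `do { ... } WHILE_FALSE` body of choose_mech, both `continue` statements (after a failed `mech->init` and on `AUTH_CONTINUE`) now leave the loop and fall through to `return CURLE_OK;`, assuming WHILE_FALSE expands to `while(0)`. The removed `for` loop ended those paths in `CURLE_FAILED_INIT` once the mechanism list was exhausted, so a failed Kerberos setup is now reported as success while `conn->mech` and `conn->sec_complete` stay unset. A caller that trusts the return code alone would carry on without the FTP security layer. I would replace each `continue;` with `return CURLE_FAILED_INIT;` and drop the dead store `mech = NULL;` before `return CURLE_OUT_OF_MEMORY;`. Parts of the function between the hunks are not shown, so the 504/534 paths should be checked the same way.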