From 1514977bcde37c59f863a0f40c7d9f66d9e33370 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 22 May 2015 16:43:58 +0200 Subject: security: simplify choose_mech Coverity CID 1299424 identified dead code because of checks that could never equal true (if the mechanism's name was NULL). Simplified the function by removing a level of pointers and removing the loop and array that weren't used. --- lib/security.c | 52 +++++++++++++++++++--------------------------------- 1 file changed, 19 insertions(+), 33 deletions(-) diff --git a/lib/security.c b/lib/security.c index ccaa1f6e9..524f9cef4 100644 --- a/lib/security.c +++ b/lib/security.c @@ -109,13 +109,6 @@ static char level_to_char(int level) { return 'P'; } -static const struct Curl_sec_client_mech * const mechs[] = { -#ifdef HAVE_GSSAPI - &Curl_krb5_client_mech, -#endif - NULL -}; - /* Send an FTP command defined by |message| and the optional arguments. The function returns the ftp_code. If an error occurs, -1 is returned. */ static int ftp_send_command(struct connectdata *conn, const char *message, ...) @@ -484,36 +477,29 @@ static CURLcode choose_mech(struct connectdata *conn) { int ret; struct SessionHandle *data = conn->data; - const struct Curl_sec_client_mech * const *mech; void *tmp_allocation; - const char *mech_name; - - for(mech = mechs; (*mech); ++mech) { - mech_name = (*mech)->name; - /* We have no mechanism with a NULL name but keep this check */ - DEBUGASSERT(mech_name != NULL); - if(mech_name == NULL) { - infof(data, "Skipping mechanism with empty name (%p)\n", (void *)mech); - continue; - } - tmp_allocation = realloc(conn->app_data, (*mech)->size); + const struct Curl_sec_client_mech *mech = &Curl_krb5_client_mech; + + do { + tmp_allocation = realloc(conn->app_data, mech->size); if(tmp_allocation == NULL) { - failf(data, "Failed realloc of size %u", (*mech)->size); + failf(data, "Failed realloc of size %u", mech->size); mech = NULL; return CURLE_OUT_OF_MEMORY; } conn->app_data = tmp_allocation; - if((*mech)->init) { - ret = (*mech)->init(conn->app_data); - if(ret != 0) { - infof(data, "Failed initialization for %s. Skipping it.\n", mech_name); + if(mech->init) { + ret = mech->init(conn->app_data); + if(ret) { + infof(data, "Failed initialization for %s. Skipping it.\n", + mech->name); continue; } } - infof(data, "Trying mechanism %s...\n", mech_name); - ret = ftp_send_command(conn, "AUTH %s", mech_name); + infof(data, "Trying mechanism %s...\n", mech->name); + ret = ftp_send_command(conn, "AUTH %s", mech->name); if(ret < 0) /* FIXME: This error is too generic but it is OK for now. */ return CURLE_COULDNT_CONNECT; @@ -522,11 +508,11 @@ static CURLcode choose_mech(struct connectdata *conn) switch(ret) { case 504: infof(data, "Mechanism %s is not supported by the server (server " - "returned ftp code: 504).\n", mech_name); + "returned ftp code: 504).\n", mech->name); break; case 534: infof(data, "Mechanism %s was rejected by the server (server returned " - "ftp code: 534).\n", mech_name); + "ftp code: 534).\n", mech->name); break; default: if(ret/100 == 5) { @@ -539,7 +525,7 @@ static CURLcode choose_mech(struct connectdata *conn) } /* Authenticate */ - ret = (*mech)->auth(conn->app_data, conn); + ret = mech->auth(conn->app_data, conn); if(ret == AUTH_CONTINUE) continue; @@ -549,7 +535,7 @@ static CURLcode choose_mech(struct connectdata *conn) } DEBUGASSERT(ret == AUTH_OK); - conn->mech = *mech; + conn->mech = mech; conn->sec_complete = 1; conn->recv[FIRSTSOCKET] = sec_recv; conn->send[FIRSTSOCKET] = sec_send; @@ -559,10 +545,10 @@ static CURLcode choose_mech(struct connectdata *conn) /* Set the requested protection level */ /* BLOCKING */ (void)sec_set_protection_level(conn); - break; - } - return *mech != NULL ? CURLE_OK : CURLE_FAILED_INIT; + } WHILE_FALSE; + + return CURLE_OK; } CURLcode -- cgit v1.2.3