From 484d549ecef3ee44dff4bbca418b5ace20629502 Mon Sep 17 00:00:00 2001
From: Dan Fandrich <dan@coneharvesters.com>
Date: Sun, 2 Nov 2008 05:01:39 +0000
Subject: Marked with TODO comments a number of problems in the Kerberos code
 detected while investigating the issue in
 http://curl.haxx.se/mail/lib-2008-09/0262.html I'm hesitant to fix them
 because I have no way of testing the result.

---
 lib/security.c | 4 ++++
 lib/sendf.c    | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/security.c b/lib/security.c
index 3a9642ae4..7f6f3da0a 100644
--- a/lib/security.c
+++ b/lib/security.c
@@ -101,6 +101,7 @@ static const struct Curl_sec_client_mech * const mechs[] = {
   NULL
 };
 
+/* TODO: This function isn't actually used anywhere and should be removed */
 int
 Curl_sec_getc(struct connectdata *conn, FILE *F)
 {
@@ -124,6 +125,7 @@ block_read(int fd, void *buf, size_t len)
     if(b == 0)
       return 0;
     else if(b < 0 && (errno == EINTR || errno == EAGAIN))
+      /* TODO: this will busy loop in the EAGAIN case */
       continue;
     else if(b < 0)
       return -1;
@@ -163,6 +165,8 @@ sec_get_data(struct connectdata *conn,
   else if(b < 0)
     return -1;
   len = ntohl(len);
+  /* TODO: This realloc will cause a memory leak in an out of memory
+   * condition */
   buf->data = realloc(buf->data, len);
   b = buf->data ? block_read(fd, buf->data, len) : -1;
   if(b == 0)
diff --git a/lib/sendf.c b/lib/sendf.c
index 7a8c3cad2..4fe0b4806 100644
--- a/lib/sendf.c
+++ b/lib/sendf.c
@@ -630,13 +630,16 @@ int Curl_read(struct connectdata *conn, /* connection data */
       return -1;
 #endif
     if(nread < 0)
-      /* since it is negative and not EGAIN, it was a protocol-layer error */
+      /* since it is negative and not EAGAIN, it was a protocol-layer error */
       return CURLE_RECV_ERROR;
   }
   else {
     if(conn->sec_complete)
       nread = Curl_sec_read(conn, sockfd, buffertofill,
                             bytesfromsocket);
+    /* TODO: Need to handle EAGAIN here somehow, similar to how it
+     * is done in Curl_read_plain, either right here or in Curl_sec_read
+     * itself. */
     else {
       int ret = Curl_read_plain(sockfd, buffertofill, bytesfromsocket,
                                      &nread);
-- 
cgit v1.2.3