From 4213ef986ffbb4eee7a859a8edd4493deed08362 Mon Sep 17 00:00:00 2001
From: Simon Wilkinson <sxw@your-file-system.com>
Date: Fri, 22 Feb 2013 09:47:57 +0000
Subject: [PATCH] kauth: Catch ka_KeyCheckSum failures

If ka_KeyCheckSum fails, typically because the key being used is bad,
catch the failure rather than just silently ignoring it.

Caught by clang-analyzer

Change-Id: Id51174fdf94356db10961690808670da372bc60e
Reviewed-on: http://gerrit.openafs.org/9179
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---
 src/kauth/kaprocs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/kauth/kaprocs.c b/src/kauth/kaprocs.c
index 9e9f02c078..f3f1ead67e 100644
--- a/src/kauth/kaprocs.c
+++ b/src/kauth/kaprocs.c
@@ -1638,7 +1638,11 @@ kamGetEntry(struct rx_call *call,
 	memcpy(&aentry->key, &tentry.key, sizeof(struct ktc_encryptionKey));
     else
 	memset(&aentry->key, 0, sizeof(aentry->key));
+
     code = ka_KeyCheckSum((char *)&tentry.key, &aentry->keyCheckSum);
+    if (code)
+	goto abort;
+
     if (!tentry.pwsums[0] && npwSums > 1 && !tentry.pwsums[1]) {
 	aentry->reserved3 = 0x12340000;
     } else {