From 3727376f8654f9e1dd88b1f9721124f9fc96ad0a Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 8 Oct 2018 14:44:05 -0400
Subject: [PATCH 21/25] clang: Garbage value possible

Need to add guard so that error was only considered if the
certificate was decodable and an import was attempted.
---
 src/certsave-n.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/certsave-n.c b/src/certsave-n.c
index 972a1dfa..30e242c1 100644
--- a/src/certsave-n.c
+++ b/src/certsave-n.c
@@ -498,6 +498,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 					}
 				}
 				/* Import the certificate. */
+				error = SECFailure;
 				newcert = CERT_DecodeCertFromPackage((char *)item->data, item->len);
 				if (newcert != NULL) {
 					error = PK11_ImportCert(sle->slot,
@@ -506,7 +507,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 						entry->cm_cert_nickname,
 						PR_FALSE);
 				}
-				if (error == SECSuccess) {
+				if ((newcert != NULL) && (error == SECSuccess)) {
 					cm_log(1, "Imported certificate with "
 					       "nickname \"%s\".\n",
 					       entry->cm_cert_nickname);
@@ -581,6 +582,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 						CERT_DestroyCertList(certlist);
 					}
 				} else {
+					ec = PORT_GetError();
 					if (ec != 0) {
 						es = PR_ErrorToName(ec);
 					} else {
-- 
2.21.0