|
 |
43fe83 |
From 1bf9fb12d2d9cca51a06f099918b35e24c29ef8e Mon Sep 17 00:00:00 2001
|
|
|
43fe83 |
Message-Id: <1bf9fb12d2d9cca51a06f099918b35e24c29ef8e.1377873639.git.jdenemar@redhat.com>
|
|
|
43fe83 |
From: John Ferlan <jferlan@redhat.com>
|
|
|
43fe83 |
Date: Fri, 9 Aug 2013 07:06:34 -0400
|
|
|
43fe83 |
Subject: [PATCH] virnettlscontext: Resolve Coverity warnings (UNINIT)
|
|
|
43fe83 |
|
|
|
43fe83 |
https://bugzilla.redhat.com/show_bug.cgi?id=994158
|
|
|
43fe83 |
|
|
|
43fe83 |
Coverity complained about the usage of the uninitialized cacerts in the
|
|
|
43fe83 |
event(s) that "access(certFile, R_OK)" and/or "access(cacertFile, R_OK)"
|
|
|
43fe83 |
fail the for loop used to fill in the certs will have indeterminate data
|
|
|
43fe83 |
as well as the possibility that both failures would result in the
|
|
|
43fe83 |
gnutls_x509_crt_deinit() call having a similar fate.
|
|
|
43fe83 |
|
|
|
43fe83 |
Initializing cacerts only would resolve the issue; however, it still
|
|
|
43fe83 |
would leave the indeterminate action, so rather add a parameter to
|
|
|
43fe83 |
the virNetTLSContextLoadCACertListFromFile() to pass the max size rather
|
|
|
43fe83 |
then overloading the returned count parameter. If the the call is never
|
|
|
43fe83 |
made, then we won't go through the for loops referencing the empty
|
|
|
43fe83 |
cacerts
|
|
|
43fe83 |
|
|
|
43fe83 |
(cherry picked from commit f905cc998449c89339d0e2894a71d9a9e45293e5)
|
|
|
43fe83 |
---
|
|
|
43fe83 |
src/rpc/virnettlscontext.c | 8 +++++---
|
|
|
43fe83 |
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
43fe83 |
|
|
|
43fe83 |
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
|
|
|
43fe83 |
index 2beee8f..7cee27c 100644
|
|
|
43fe83 |
--- a/src/rpc/virnettlscontext.c
|
|
|
43fe83 |
+++ b/src/rpc/virnettlscontext.c
|
|
|
43fe83 |
@@ -545,12 +545,12 @@ cleanup:
|
|
|
43fe83 |
|
|
|
43fe83 |
static int virNetTLSContextLoadCACertListFromFile(const char *certFile,
|
|
|
43fe83 |
gnutls_x509_crt_t *certs,
|
|
|
43fe83 |
+ unsigned int certMax,
|
|
|
43fe83 |
size_t *ncerts)
|
|
|
43fe83 |
{
|
|
|
43fe83 |
gnutls_datum_t data;
|
|
|
43fe83 |
char *buf = NULL;
|
|
|
43fe83 |
int ret = -1;
|
|
|
43fe83 |
- unsigned int certMax = *ncerts;
|
|
|
43fe83 |
|
|
|
43fe83 |
*ncerts = 0;
|
|
|
43fe83 |
VIR_DEBUG("certFile %s", certFile);
|
|
|
43fe83 |
@@ -584,15 +584,17 @@ static int virNetTLSContextSanityCheckCredentials(bool isServer,
|
|
|
43fe83 |
{
|
|
|
43fe83 |
gnutls_x509_crt_t cert = NULL;
|
|
|
43fe83 |
gnutls_x509_crt_t cacerts[MAX_CERTS];
|
|
|
43fe83 |
- size_t ncacerts = MAX_CERTS;
|
|
|
43fe83 |
+ size_t ncacerts = 0;
|
|
|
43fe83 |
size_t i;
|
|
|
43fe83 |
int ret = -1;
|
|
|
43fe83 |
|
|
|
43fe83 |
+ memset(cacerts, 0, sizeof(cacerts));
|
|
|
43fe83 |
if ((access(certFile, R_OK) == 0) &&
|
|
|
43fe83 |
!(cert = virNetTLSContextLoadCertFromFile(certFile, isServer)))
|
|
|
43fe83 |
goto cleanup;
|
|
|
43fe83 |
if ((access(cacertFile, R_OK) == 0) &&
|
|
|
43fe83 |
- virNetTLSContextLoadCACertListFromFile(cacertFile, cacerts, &ncacerts) < 0)
|
|
|
43fe83 |
+ virNetTLSContextLoadCACertListFromFile(cacertFile, cacerts,
|
|
|
43fe83 |
+ MAX_CERTS, &ncacerts) < 0)
|
|
|
43fe83 |
goto cleanup;
|
|
|
43fe83 |
|
|
|
43fe83 |
if (cert &&
|
|
|
43fe83 |
--
|
|
|
43fe83 |
1.8.3.2
|
|
|
43fe83 |
|