render / rpms / libvirt

Forked from rpms/libvirt 10 months ago
Clone
43fe83
From 1bf9fb12d2d9cca51a06f099918b35e24c29ef8e Mon Sep 17 00:00:00 2001
43fe83
Message-Id: <1bf9fb12d2d9cca51a06f099918b35e24c29ef8e.1377873639.git.jdenemar@redhat.com>
43fe83
From: John Ferlan <jferlan@redhat.com>
43fe83
Date: Fri, 9 Aug 2013 07:06:34 -0400
43fe83
Subject: [PATCH] virnettlscontext: Resolve Coverity warnings (UNINIT)
43fe83
43fe83
https://bugzilla.redhat.com/show_bug.cgi?id=994158
43fe83
43fe83
Coverity complained about the usage of the uninitialized cacerts in the
43fe83
event(s) that "access(certFile, R_OK)" and/or "access(cacertFile, R_OK)"
43fe83
fail the for loop used to fill in the certs will have indeterminate data
43fe83
as well as the possibility that both failures would result in the
43fe83
gnutls_x509_crt_deinit() call having a similar fate.
43fe83
43fe83
Initializing cacerts only would resolve the issue; however, it still
43fe83
would leave the indeterminate action, so rather add a parameter to
43fe83
the virNetTLSContextLoadCACertListFromFile() to pass the max size rather
43fe83
then overloading the returned count parameter. If the the call is never
43fe83
made, then we won't go through the for loops referencing the empty
43fe83
cacerts
43fe83
43fe83
(cherry picked from commit f905cc998449c89339d0e2894a71d9a9e45293e5)
43fe83
---
43fe83
 src/rpc/virnettlscontext.c | 8 +++++---
43fe83
 1 file changed, 5 insertions(+), 3 deletions(-)
43fe83
43fe83
diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c
43fe83
index 2beee8f..7cee27c 100644
43fe83
--- a/src/rpc/virnettlscontext.c
43fe83
+++ b/src/rpc/virnettlscontext.c
43fe83
@@ -545,12 +545,12 @@ cleanup:
43fe83
 
43fe83
 static int virNetTLSContextLoadCACertListFromFile(const char *certFile,
43fe83
                                                   gnutls_x509_crt_t *certs,
43fe83
+                                                  unsigned int certMax,
43fe83
                                                   size_t *ncerts)
43fe83
 {
43fe83
     gnutls_datum_t data;
43fe83
     char *buf = NULL;
43fe83
     int ret = -1;
43fe83
-    unsigned int certMax = *ncerts;
43fe83
 
43fe83
     *ncerts = 0;
43fe83
     VIR_DEBUG("certFile %s", certFile);
43fe83
@@ -584,15 +584,17 @@ static int virNetTLSContextSanityCheckCredentials(bool isServer,
43fe83
 {
43fe83
     gnutls_x509_crt_t cert = NULL;
43fe83
     gnutls_x509_crt_t cacerts[MAX_CERTS];
43fe83
-    size_t ncacerts = MAX_CERTS;
43fe83
+    size_t ncacerts = 0;
43fe83
     size_t i;
43fe83
     int ret = -1;
43fe83
 
43fe83
+    memset(cacerts, 0, sizeof(cacerts));
43fe83
     if ((access(certFile, R_OK) == 0) &&
43fe83
         !(cert = virNetTLSContextLoadCertFromFile(certFile, isServer)))
43fe83
         goto cleanup;
43fe83
     if ((access(cacertFile, R_OK) == 0) &&
43fe83
-        virNetTLSContextLoadCACertListFromFile(cacertFile, cacerts, &ncacerts) < 0)
43fe83
+        virNetTLSContextLoadCACertListFromFile(cacertFile, cacerts,
43fe83
+                                               MAX_CERTS, &ncacerts) < 0)
43fe83
         goto cleanup;
43fe83
 
43fe83
     if (cert &&
43fe83
-- 
43fe83
1.8.3.2
43fe83