[v2] Misc crypto & UI patches

[PULL v2 3/4] crypto/x509-utils: Check for error from gnutls_x509_crt_init()

Posted by Daniel P. Berrangé 3 months, 3 weeks ago

From: Peter Maydell <peter.maydell@linaro.org>

Coverity notes that in qcrypto_get_x509_cert_fingerprint() we
call gnutls_x509_crt_init() but don't check for an error return.
Add the missing check.

Coverity: CID 1593155
Fixes: 10a1d34fc0d ("crypto: Introduce x509 utils")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 crypto/x509-utils.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c
index 8bad00a51b..39bb6d4d8c 100644
--- a/crypto/x509-utils.c
+++ b/crypto/x509-utils.c
@@ -46,7 +46,11 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t size,
         return -1;
     }
 
-    gnutls_x509_crt_init(&crt);
+    if (gnutls_x509_crt_init(&crt) < 0) {
+        error_setg(errp, "Unable to initialize certificate: %s",
+                   gnutls_strerror(ret));
+        return -1;
+    }
 
     if (gnutls_x509_crt_import(crt, &datum, GNUTLS_X509_FMT_PEM) != 0) {
         error_setg(errp, "Failed to import certificate");
-- 
2.50.1

[PULL v2 1/4] ui: fix setting client_endian field defaults
[PULL v2 2/4] ui: add trace events for all client messages
[PULL v2 3/4] crypto/x509-utils: Check for error from gnutls_x509_crt_init()
[PULL v2 4/4] crypto: load all certificates in X509 CA file