Commit 0e1d0245 authored Nov 13, 2015 by Daniel P. Berrangé Committed by Michael Tokarev Dec 04, 2015

crypto: avoid two coverity false positive error reports



In qcrypto_tls_creds_get_path() coverity complains that
we are checking '*creds' for NULL, despite having
dereferenced it previously. This is harmless bug due
to fact that the trace call was too early. Moving it
after the cleanup gets the desired semantics.

In qcrypto_tls_creds_check_cert_key_purpose() coverity
complains that we're passing a pointer to a previously
free'd buffer into gnutls_x509_crt_get_key_purpose_oid()
This is harmless because we're passing a size == 0, so
gnutls won't access the buffer, but rather just report
what size it needs to be. We can avoid it though by
explicitly setting the buffer to NULL after free'ing
it.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

parent 0ef74c74

crypto/tlscreds.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -123,10 +123,10 @@ qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds,
		goto cleanup;
		}

		trace_qcrypto_tls_creds_get_path(creds, filename,
		cred ? cred : "<none>");
		ret = 0;
		cleanup:
		trace_qcrypto_tls_creds_get_path(creds, filename,
		cred ? cred : "<none>");
		return ret;
		}

crypto/tlscredsx509.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -255,6 +255,7 @@ qcrypto_tls_creds_check_cert_key_purpose(QCryptoTLSCredsX509 *creds,
		}

		g_free(buffer);
		buffer = NULL;
		}

		if (isServer) {