Commit 7199c89d authored by Peter Maydell

Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-fixes-20151118-1' into staging



Pull qcrypto fixes 2015/11/18 v1

# gpg: Signature made Wed 18 Nov 2015 15:44:07 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"

* remotes/berrange/tags/qcrypto-fixes-20151118-1:
  crypto: avoid passing NULL to access() syscall
  crypto: fix leaks in TLS x509 helper functions
  crypto: fix mistaken setting of Error in success code path
  crypto: fix leak of gnutls_dh_params_t data on credential unload

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
parents ab9b872a 08cb175a
+6 −1
@@ -485,7 +485,8 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
    int ret = -1;

    memset(cacerts, 0, sizeof(cacerts));
    if (access(certFile, R_OK) == 0) {
    if (certFile &&
        access(certFile, R_OK) == 0) {
        cert = qcrypto_tls_creds_load_cert(creds,
                                           certFile, isServer,
                                           errp);
@@ -654,6 +655,10 @@ qcrypto_tls_creds_x509_unload(QCryptoTLSCredsX509 *creds)
        gnutls_certificate_free_credentials(creds->data);
        creds->data = NULL;
    }
    if (creds->parent_obj.dh_params) {
        gnutls_dh_params_deinit(creds->parent_obj.dh_params);
        creds->parent_obj.dh_params = NULL;
    }
}
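Review bot: In the first hunk (qcrypto_tls_creds_x509_sanity_check), a certFile that is configured but fails `access(certFile, R_OK)` is handled exactly like an unset one: the load is skipped and, in the lines visible here, nothing is reported through errp. If the rest of the function (it starts and ends outside this hunk) treats a NULL `cert` as nothing to check, a permissions problem on the certificate would pass the sanity check unnoticed, so that path is worth confirming and documenting with a comment such as `/* certFile is NULL when no certificate is configured; an unreadable file is skipped here, not reported */`. The access() result is also only advisory, because the file can change before qcrypto_tls_creds_load_cert opens it, so the load's own error reporting remains the check that counts. In the second hunk, the new cleanup in qcrypto_tls_creds_x509_unload releases a field that lives in `parent_obj`; the reset to NULL is what keeps a repeated unload safe and deserves a one-line comment saying so.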


+2 −2
@@ -304,9 +304,9 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,

                allow = qemu_acl_party_is_allowed(acl, session->peername);

                error_setg(errp, "TLS x509 ACL check for %s is %s",
                           session->peername, allow ? "allowed" : "denied");
                if (!allow) {
                    error_setg(errp, "TLS x509 ACL check for %s is denied",
                               session->peername);
                    goto error;
                }
            }
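Review bot: The corrected code depends on errp staying unset when the ACL allows the peer, but nothing next to the `if (!allow)` block records that; a comment such as `/* Set errp only on denial; a set Error on the allow path would signal failure */` would guard against the unconditional error_setg being reintroduced. Separately, `session->peername` is formatted into the message as-is, and if it is derived from the peer's certificate (its origin is outside this hunk), whatever logs this Error should treat it as untrusted text. With the old message gone, the visible lines no longer record an allowed decision anywhere, so any audit trail for accepted peers has to come from a trace point or the caller. The enclosing function qcrypto_tls_session_check_certificate starts and ends outside the hunk.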
+2 −0
@@ -153,6 +153,7 @@ test_tls_get_ipaddr(const char *addrstr,
    *datalen = res->ai_addrlen;
    *data = g_new(char, *datalen);
    memcpy(*data, res->ai_addr, *datalen);
    freeaddrinfo(res);
}

/*
@@ -465,6 +466,7 @@ void test_tls_write_cert_chain(const char *filename,
    if (!g_file_set_contents(filename, buffer, offset, NULL)) {
        abort();
    }
    g_free(buffer);
}