diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2015-11-18 16:27:15 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2015-11-18 16:27:15 +0000 |
| commit | 7199c89d8c6bbd0eda2cadb0d3fc7149934202bf (patch) | |
| tree | 41461fa22c48535998b5e2ad669fb9442ccf48c7 | |
| parent | ab9b872ab3147faf3c04e91d525815b9139dd996 (diff) | |
| parent | 08cb175a24d642a40e41db2fef2892b0a1ab504e (diff) | |
| download | qemu-7199c89d8c6bbd0eda2cadb0d3fc7149934202bf.tar.gz | |
Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-fixes-20151118-1' into staging
Pull qcrypto fixes 2015/11/18 v1
# gpg: Signature made Wed 18 Nov 2015 15:44:07 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>"
* remotes/berrange/tags/qcrypto-fixes-20151118-1:
crypto: avoid passing NULL to access() syscall
crypto: fix leaks in TLS x509 helper functions
crypto: fix mistaken setting of Error in success code path
crypto: fix leak of gnutls_dh_params_t data on credential unload
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | crypto/tlscredsx509.c | 7 | ||||
| -rw-r--r-- | crypto/tlssession.c | 4 | ||||
| -rw-r--r-- | tests/crypto-tls-x509-helpers.c | 2 |
3 files changed, 10 insertions, 3 deletions
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index dc46bc40f7..d080deb83e 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -485,7 +485,8 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds, int ret = -1; memset(cacerts, 0, sizeof(cacerts)); - if (access(certFile, R_OK) == 0) { + if (certFile && + access(certFile, R_OK) == 0) { cert = qcrypto_tls_creds_load_cert(creds, certFile, isServer, errp); @@ -654,6 +655,10 @@ qcrypto_tls_creds_x509_unload(QCryptoTLSCredsX509 *creds) gnutls_certificate_free_credentials(creds->data); creds->data = NULL; } + if (creds->parent_obj.dh_params) { + gnutls_dh_params_deinit(creds->parent_obj.dh_params); + creds->parent_obj.dh_params = NULL; + } } diff --git a/crypto/tlssession.c b/crypto/tlssession.c index ffc5c47949..373552942c 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -304,9 +304,9 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session, allow = qemu_acl_party_is_allowed(acl, session->peername); - error_setg(errp, "TLS x509 ACL check for %s is %s", - session->peername, allow ? "allowed" : "denied"); if (!allow) { + error_setg(errp, "TLS x509 ACL check for %s is denied", + session->peername); goto error; } } diff --git a/tests/crypto-tls-x509-helpers.c b/tests/crypto-tls-x509-helpers.c index c5de67baaf..47b4c7ba53 100644 --- a/tests/crypto-tls-x509-helpers.c +++ b/tests/crypto-tls-x509-helpers.c @@ -153,6 +153,7 @@ test_tls_get_ipaddr(const char *addrstr, *datalen = res->ai_addrlen; *data = g_new(char, *datalen); memcpy(*data, res->ai_addr, *datalen); + freeaddrinfo(res); } /* @@ -465,6 +466,7 @@ void test_tls_write_cert_chain(const char *filename, if (!g_file_set_contents(filename, buffer, offset, NULL)) { abort(); } + g_free(buffer); } |