SSL utils: Add proper check while getting bag type

Implementing proper return value check, as done for other gnutls function
calls, catches (unlikely) errors and allows C++ compatible build.

Change-Id: Idf5bd3fe6e68d006a469fe72663dea1c7e2d17f7
Reviewed-on: https://code.wireshark.org/review/16865
Reviewed-by: Guy Harris <guy@alum.mit.edu>

1 files changed, 6 insertions, 2 deletions

diff --git a/epan/dissectors/packet-ssl-utils.c b/epan/dissectors/packet-ssl-utils.c
index 080caa2378..62acd7e29a 100644
--- a/epan/dissectors/packet-ssl-utils.c
+++ b/epan/dissectors/packet-ssl-utils.c
@@ -3936,13 +3936,17 @@ ssl_load_pkcs12(FILE* fp, const gchar *cert_passwd, char** err) {
 
         for (j=0; j<gnutls_pkcs12_bag_get_count(bag); j++) {
 
-            bag_type = gnutls_pkcs12_bag_get_type(bag, j);
+            ret = gnutls_pkcs12_bag_get_type(bag, j);
+            if (ret < 0) goto done;
+            bag_type = (gnutls_pkcs12_bag_type_t)ret;
             if (bag_type >= GNUTLS_BAG_UNKNOWN) goto done;
             ssl_debug_printf( "Bag %d/%d: %s\n", i, j, BAGTYPE(bag_type));
             if (bag_type == GNUTLS_BAG_ENCRYPTED) {
                 ret = gnutls_pkcs12_bag_decrypt(bag, cert_passwd);
                 if (ret == 0) {
-                    bag_type = gnutls_pkcs12_bag_get_type(bag, j);
+                    ret = gnutls_pkcs12_bag_get_type(bag, j);
+                    if (ret < 0) goto done;
+                    bag_type = (gnutls_pkcs12_bag_type_t)ret;
                     if (bag_type >= GNUTLS_BAG_UNKNOWN) goto done;
                     ssl_debug_printf( "Bag %d/%d decrypted: %s\n", i, j, BAGTYPE(bag_type));
                 }