crypto: avoid passing NULL to access() syscall

The qcrypto_tls_creds_x509_sanity_check() checks whether certs exist by calling access(). It is valid for this method to be invoked with certfile==NULL though, since for client credentials the cert is optional. This caused it to call access(NULL), which happens to be harmless on current Linux, but should none the less be avoided. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-11-18 15:42:26 +00:00 · 2015-11-18 15:42:26 +00:00 · 08cb175a24
parent 7b35030eed
commit 08cb175a24
1 changed files with 2 additions and 1 deletions
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@ -485,7 +485,8 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
    int ret = -1;

    memset(cacerts, 0, sizeof(cacerts));
-    if (access(certFile, R_OK) == 0) {
+    if (certFile &&
+        access(certFile, R_OK) == 0) {
        cert = qcrypto_tls_creds_load_cert(creds,
                                           certFile, isServer,
                                           errp);