crypto: avoid two coverity false positive error reports

In qcrypto_tls_creds_get_path() coverity complains that we are checking '*creds' for NULL, despite having dereferenced it previously. This is harmless bug due to fact that the trace call was too early. Moving it after the cleanup gets the desired semantics. In qcrypto_tls_creds_check_cert_key_purpose() coverity complains that we're passing a pointer to a previously free'd buffer into gnutls_x509_crt_get_key_purpose_oid() This is harmless because we're passing a size == 0, so gnutls won't access the buffer, but rather just report what size it needs to be. We can avoid it though by explicitly setting the buffer to NULL after free'ing it. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2015-11-13 17:45:27 +00:00 · 2015-11-13 17:45:27 +00:00 · 0e1d02452b
parent 0ef74c7496
commit 0e1d02452b
2 changed files with 3 additions and 2 deletions
--- a/crypto/tlscreds.c
+++ b/crypto/tlscreds.c
@ -123,10 +123,10 @@ qcrypto_tls_creds_get_path(QCryptoTLSCreds *creds,
        goto cleanup;
    }

-    trace_qcrypto_tls_creds_get_path(creds, filename,
-                                     *cred ? *cred : "<none>");
    ret = 0;
 cleanup:
+    trace_qcrypto_tls_creds_get_path(creds, filename,
+                                     *cred ? *cred : "<none>");
    return ret;
 }

--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@ -255,6 +255,7 @@ qcrypto_tls_creds_check_cert_key_purpose(QCryptoTLSCredsX509 *creds,
        }

        g_free(buffer);
+        buffer = NULL;
    }

    if (isServer) {