Pull qcrypto fixes 2015/11/18 v1

-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCAAGBQJWTJzHAAoJEL6G67QVEE/fB/AP/0KsXZRVD8oqhT+8lUjuCmUw
 EZvNOn4zG1xiQxmrls2fAoo/AzrjDt0MApxUljvfvI7z3hlmVGKv/i9d3vid15El
 5HmJTubNWEJ7pdFtd678J+3TMnXwageWEFUUEVttGTL59ztCiB7vnjWlLntMypyb
 vOxFgWnkBfp93NK8+5Cs5aCZcuRoCkt2okdcNFthjRNbQwiLaWzj/qWyw6CIycAb
 LNU3qma696392A+jAl3sIk4REXbUkdjp1j1cfuil+O7WJwzZHhXHkuEHttIqZlA/
 2TsevfWEkszF5V9NNQ9ScJHgHBRCdgABQ+GkWlDYgm1T6EN16fdVPYcfzMxd5jpB
 mbP+yvDxV7/eDufAuZcOQpzyyP4z3aC+rwPoPt69lZFwLdnap7HBVLYlOUwY+zHv
 DAret/W32u2iFbIOv7ET4tGh7ynBNIX5mbS9TK4mfQQwbrCXokiypxuymLzXEfOS
 3fit0F/sqaXBmetsr121OEhD0hrWwv8kHsBbcIgyNO5J05wwFwEN6L0zjIyizt/E
 w8aNA9cU8VksgLXrlUb9oZOuLzP+AN6RGHZUFwsY39QPY9aXipyHyKPc/q5oQ2lM
 tUVgfPCvaXNAG1Dh7tfQ8mCzvPkXogGKxAF676XrAto3qmx1eVQeUO1IEAChAEPN
 nXt4N5DeKrCVIqN/ZVGV
 =NS6A
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-fixes-20151118-1' into staging

Pull qcrypto fixes 2015/11/18 v1

# gpg: Signature made Wed 18 Nov 2015 15:44:07 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>"
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>"

* remotes/berrange/tags/qcrypto-fixes-20151118-1:
  crypto: avoid passing NULL to access() syscall
  crypto: fix leaks in TLS x509 helper functions
  crypto: fix mistaken setting of Error in success code path
  crypto: fix leak of gnutls_dh_params_t data on credential unload

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell 2015-11-18 16:27:15 +00:00
commit 7199c89d8c
3 changed files with 10 additions and 3 deletions


@ -485,7 +485,8 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
int ret = -1;
memset(cacerts, 0, sizeof(cacerts));
if (access(certFile, R_OK) == 0) {
if (certFile &&
access(certFile, R_OK) == 0) {
cert = qcrypto_tls_creds_load_cert(creds,
certFile, isServer,
errp);
@ -654,6 +655,10 @@ qcrypto_tls_creds_x509_unload(QCryptoTLSCredsX509 *creds)
gnutls_certificate_free_credentials(creds->data);
creds->data = NULL;
}
if (creds->parent_obj.dh_params) {
gnutls_dh_params_deinit(creds->parent_obj.dh_params);
creds->parent_obj.dh_params = NULL;
}
}
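Review bot: In the first hunk of this file, a NULL certFile now makes qcrypto_tls_creds_x509_sanity_check skip the certificate load silently, and nothing at `if (certFile && access(certFile, R_OK) == 0) {` says when NULL is a legitimate input. I would add a comment there such as `/* certFile may be NULL when no certificate is configured; skip its checks */`, after confirming with the callers that this is the intended case. The `access()` test is also only advisory, because the file can change between the check and qcrypto_tls_creds_load_cert(), so the load's own failure reported through errp has to stay the authoritative result. The function body starts and ends outside the hunk, so how a NULL `cert` is handled afterwards is not visible here.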


@ -304,9 +304,9 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
allow = qemu_acl_party_is_allowed(acl, session->peername);
error_setg(errp, "TLS x509 ACL check for %s is %s",
session->peername, allow ? "allowed" : "denied");
if (!allow) {
error_setg(errp, "TLS x509 ACL check for %s is denied",
session->peername);
goto error;
}
}
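Review bot: The allowed branch of the ACL check in qcrypto_tls_session_check_certificate leaves no record of the decision, since only the `if (!allow)` path reports anything and it does so through errp. A comment at the check, e.g. `/* errp is set only on denial; an accepted peer is not reported here */`, would make that contract explicit. If accepted peers need to be auditable, a trace or debug record of session->peername and the outcome next to `allow = qemu_acl_party_is_allowed(acl, session->peername);` would cover it. The denial message embeds session->peername, which presumably comes from the peer's certificate, so consumers that log the error should treat it as untrusted text. The function starts and ends outside the hunk.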


@ -153,6 +153,7 @@ test_tls_get_ipaddr(const char *addrstr,
*datalen = res->ai_addrlen;
*data = g_new(char, *datalen);
memcpy(*data, res->ai_addr, *datalen);
freeaddrinfo(res);
}
/*
@ -465,6 +466,7 @@ void test_tls_write_cert_chain(const char *filename,
if (!g_file_set_contents(filename, buffer, offset, NULL)) {
abort();
}
g_free(buffer);
}
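Review bot: test_tls_get_ipaddr hands the caller a buffer allocated with `g_new(char, *datalen)` through `*data`, and nothing in the first hunk says who releases it. Since this change is about leaks in these helpers, the ownership should be written down above the function, e.g. `/* On return the caller owns *data and must g_free() it */`. The callers are not visible here, so whether they already free it needs checking. The function body begins outside the hunk.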