aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel P. Berrange <berrange@redhat.com>2015-11-18 14:42:40 +0000
committerDaniel P. Berrange <berrange@redhat.com>2015-11-18 14:56:58 +0000
commit6ef8cd7a4142049707b70b8278aaa9d8ee2bc5f5 (patch)
tree4cde18e5ce9d3bd9b2dccdddc608951abcba781a
parent61b9251a3aaa65e65c4aab3a6800e884bb3b82f9 (diff)
crypto: fix mistaken setting of Error in success code path
The qcrypto_tls_session_check_certificate() method was setting an Error even when the ACL check suceeded. This didn't affect the callers detection of errors because they relied on the function return status, but this did cause a memory leak since the caller would not free an Error they did not expect to be set. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-rw-r--r--crypto/tlssession.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/tlssession.c b/crypto/tlssession.c
index ffc5c47949..373552942c 100644
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@@ -304,9 +304,9 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
allow = qemu_acl_party_is_allowed(acl, session->peername);
- error_setg(errp, "TLS x509 ACL check for %s is %s",
- session->peername, allow ? "allowed" : "denied");
if (!allow) {
+ error_setg(errp, "TLS x509 ACL check for %s is denied",
+ session->peername);
goto error;
}
}