aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Maydell <peter.maydell@linaro.org>2015-11-18 16:27:15 +0000
committerPeter Maydell <peter.maydell@linaro.org>2015-11-18 16:27:15 +0000
commit7199c89d8c6bbd0eda2cadb0d3fc7149934202bf (patch)
tree41461fa22c48535998b5e2ad669fb9442ccf48c7
parentab9b872ab3147faf3c04e91d525815b9139dd996 (diff)
parent08cb175a24d642a40e41db2fef2892b0a1ab504e (diff)
Merge remote-tracking branch 'remotes/berrange/tags/qcrypto-fixes-20151118-1' into staging
Pull qcrypto fixes 2015/11/18 v1 # gpg: Signature made Wed 18 Nov 2015 15:44:07 GMT using RSA key ID 15104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" * remotes/berrange/tags/qcrypto-fixes-20151118-1: crypto: avoid passing NULL to access() syscall crypto: fix leaks in TLS x509 helper functions crypto: fix mistaken setting of Error in success code path crypto: fix leak of gnutls_dh_params_t data on credential unload Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r--crypto/tlscredsx509.c7
-rw-r--r--crypto/tlssession.c4
-rw-r--r--tests/crypto-tls-x509-helpers.c2
3 files changed, 10 insertions, 3 deletions
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
index dc46bc40f7..d080deb83e 100644
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@@ -485,7 +485,8 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
int ret = -1;
memset(cacerts, 0, sizeof(cacerts));
- if (access(certFile, R_OK) == 0) {
+ if (certFile &&
+ access(certFile, R_OK) == 0) {
cert = qcrypto_tls_creds_load_cert(creds,
certFile, isServer,
errp);
@@ -654,6 +655,10 @@ qcrypto_tls_creds_x509_unload(QCryptoTLSCredsX509 *creds)
gnutls_certificate_free_credentials(creds->data);
creds->data = NULL;
}
+ if (creds->parent_obj.dh_params) {
+ gnutls_dh_params_deinit(creds->parent_obj.dh_params);
+ creds->parent_obj.dh_params = NULL;
+ }
}
diff --git a/crypto/tlssession.c b/crypto/tlssession.c
index ffc5c47949..373552942c 100644
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@@ -304,9 +304,9 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
allow = qemu_acl_party_is_allowed(acl, session->peername);
- error_setg(errp, "TLS x509 ACL check for %s is %s",
- session->peername, allow ? "allowed" : "denied");
if (!allow) {
+ error_setg(errp, "TLS x509 ACL check for %s is denied",
+ session->peername);
goto error;
}
}
diff --git a/tests/crypto-tls-x509-helpers.c b/tests/crypto-tls-x509-helpers.c
index c5de67baaf..47b4c7ba53 100644
--- a/tests/crypto-tls-x509-helpers.c
+++ b/tests/crypto-tls-x509-helpers.c
@@ -153,6 +153,7 @@ test_tls_get_ipaddr(const char *addrstr,
*datalen = res->ai_addrlen;
*data = g_new(char, *datalen);
memcpy(*data, res->ai_addr, *datalen);
+ freeaddrinfo(res);
}
/*
@@ -465,6 +466,7 @@ void test_tls_write_cert_chain(const char *filename,
if (!g_file_set_contents(filename, buffer, offset, NULL)) {
abort();
}
+ g_free(buffer);
}