crypto: avoid passing NULL to access() syscall

The qcrypto_tls_creds_x509_sanity_check() checks whether certs exist by calling access(). It is valid for this method to be invoked with certfile==NULL though, since for client credentials the cert is optional. This caused it to call access(NULL), which happens to be harmless on current Linux, but should none the less be avoided. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
author: Daniel P. Berrange 2015-11-18 16:42:26 +0100
committer: Daniel P. Berrange 2015-11-18 16:42:26 +0100
commit: 08cb175a24d642a40e41db2fef2892b0a1ab504e (patch)
tree: d57548eda93223e0b2d953ee4a9a055bfd91754e
parent: crypto: fix leaks in TLS x509 helper functions (diff)
download: qemu-08cb175a24d642a40e41db2fef2892b0a1ab504e.tar.gz
qemu-08cb175a24d642a40e41db2fef2892b0a1ab504e.tar.xz
qemu-08cb175a24d642a40e41db2fef2892b0a1ab504e.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
index c5d1a0de30..d080deb83e 100644
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@@ -485,7 +485,8 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
     int ret = -1;
 
     memset(cacerts, 0, sizeof(cacerts));
-    if (access(certFile, R_OK) == 0) {
+    if (certFile &&
+        access(certFile, R_OK) == 0) {
         cert = qcrypto_tls_creds_load_cert(creds,
                                            certFile, isServer,
                                            errp);
author	Daniel P. Berrange	2015-11-18 16:42:26 +0100
committer	Daniel P. Berrange	2015-11-18 16:42:26 +0100
commit	08cb175a24d642a40e41db2fef2892b0a1ab504e (patch)
tree	d57548eda93223e0b2d953ee4a9a055bfd91754e
parent	crypto: fix leaks in TLS x509 helper functions (diff)
download	qemu-08cb175a24d642a40e41db2fef2892b0a1ab504e.tar.gz qemu-08cb175a24d642a40e41db2fef2892b0a1ab504e.tar.xz qemu-08cb175a24d642a40e41db2fef2892b0a1ab504e.zip