colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

crypto: cleanup error handling in nm_crypto_is_pkcs12_data()

Browse Source 
Our convention is that a function that fails MUST set the GError output.
No need to check for that in nm_crypto_is_pkcs12_data(). Simplify the
error paths.

Also, in gnutls' _nm_crypto_verify_pkcs12(), don't call gnutls_pkcs12_deinit()
before gnutls_strerror(). It's unclear whether that couldn't set a
different error reason.
This commit is contained in:
Thomas Haller
2022-03-19 00:30:05 +01:00
parent 79f676c83a
commit 9aa02f6543
3 changed files with 13 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/libnm-crypto/nm-crypto-gnutls.c
View File

@@ -330,18 +330,18 @@ _nm_crypto_verify_pkcs12(const guint8 *data, gsize data_len, const char *passwor
} }
err = gnutls_pkcs12_verify_mac(p12, password); err = gnutls_pkcs12_verify_mac(p12, password);
gnutls_pkcs12_deinit(p12);
if (err != GNUTLS_E_SUCCESS) { if (err != GNUTLS_E_SUCCESS) {
g_set_error(error, g_set_error(error,
_NM_CRYPTO_ERROR, _NM_CRYPTO_ERROR,
_NM_CRYPTO_ERROR_DECRYPTION_FAILED, _NM_CRYPTO_ERROR_DECRYPTION_FAILED,
_("Couldn't verify PKCS#12 file: %s"), _("Couldn't verify PKCS#12 file: %s"),
gnutls_strerror(err)); gnutls_strerror(err));
gnutls_pkcs12_deinit(p12);
return FALSE; return FALSE;
} }
gnutls_pkcs12_deinit(p12);
return TRUE; return TRUE;
} }

1
src/libnm-crypto/nm-crypto-nss.c
View File

@@ -509,6 +509,7 @@ out:
if (pw.data) if (pw.data)
SECITEM_ZfreeItem(&pw, PR_FALSE); SECITEM_ZfreeItem(&pw, PR_FALSE);
nm_assert(!error || (success == (!*error)));
return success; return success;
} }

21
src/libnm-crypto/nm-crypto.c
View File

@@ -757,8 +757,8 @@ out:
gboolean gboolean
nm_crypto_is_pkcs12_data(const guint8 *data, gsize data_len, GError **error) nm_crypto_is_pkcs12_data(const guint8 *data, gsize data_len, GError **error)
{ {
GError *local = NULL; gs_free_error GError *local = NULL;
gboolean success; gboolean success;
if (!data_len) { if (!data_len) {
g_set_error(error, g_set_error(error,
@@ -774,17 +774,14 @@ nm_crypto_is_pkcs12_data(const guint8 *data, gsize data_len, GError **error)
return FALSE; return FALSE;
success = _nm_crypto_verify_pkcs12(data, data_len, NULL, &local); success = _nm_crypto_verify_pkcs12(data, data_len, NULL, &local);
if (success == FALSE) {
/* If the error was just a decryption error, then it's pkcs#12 */ /* If the error was just a decryption error, then it's pkcs#12 */
if (local) { if (!success && !g_error_matches(local, _NM_CRYPTO_ERROR, _NM_CRYPTO_ERROR_DECRYPTION_FAILED)) {
if (g_error_matches(local, _NM_CRYPTO_ERROR, _NM_CRYPTO_ERROR_DECRYPTION_FAILED)) { g_propagate_error(error, g_steal_pointer(&local));
success = TRUE; return FALSE;
g_error_free(local);
} else
g_propagate_error(error, local);
}
} }
return success;
return TRUE;
} }
gboolean gboolean