generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nss: improve error handling in Curl_nss_random()

Browse Source 
The vtls layer now checks the return value, so it is no longer necessary
to abort if a random number cannot be provided by NSS.  This also fixes
the following Coverity report:

Error: FORWARD_NULL (CWE-476):
lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null.
lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it.
lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
This commit is contained in:
Kamil Dudka 2015-02-24 15:10:15 +01:00
parent 0409a7d969
commit 7a1538d9cc
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/vtls/nss.c
View File

@ -1918,11 +1918,9 @@ int Curl_nss_random(struct SessionHandle *data,
if(data) if(data)
Curl_nss_seed(data); /* Initiate the seed if not already done */ Curl_nss_seed(data); /* Initiate the seed if not already done */
if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) { if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))
/* no way to signal a failure from here, we have to abort */ /* signal a failure */
failf(data, "PK11_GenerateRandom() failed, calling abort()..."); return -1;
abort();
}
return 0; return 0;
} }