aboutsummaryrefslogtreecommitdiff
path: root/crypto
diff options
context:
space:
mode:
authorDaniel P. Berrange <berrange@redhat.com>2015-11-18 15:42:26 +0000
committerDaniel P. Berrange <berrange@redhat.com>2015-11-18 15:42:26 +0000
commit08cb175a24d642a40e41db2fef2892b0a1ab504e (patch)
treed57548eda93223e0b2d953ee4a9a055bfd91754e /crypto
parent7b35030eedc26eff82210caa2b0fff2f9d0df453 (diff)
downloadqemu-08cb175a24d642a40e41db2fef2892b0a1ab504e.zip
qemu-08cb175a24d642a40e41db2fef2892b0a1ab504e.tar.gz
qemu-08cb175a24d642a40e41db2fef2892b0a1ab504e.tar.bz2
crypto: avoid passing NULL to access() syscall
The qcrypto_tls_creds_x509_sanity_check() checks whether certs exist by calling access(). It is valid for this method to be invoked with certfile==NULL though, since for client credentials the cert is optional. This caused it to call access(NULL), which happens to be harmless on current Linux, but should none the less be avoided. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/tlscredsx509.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
index c5d1a0d..d080deb 100644
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@@ -485,7 +485,8 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
int ret = -1;
memset(cacerts, 0, sizeof(cacerts));
- if (access(certFile, R_OK) == 0) {
+ if (certFile &&
+ access(certFile, R_OK) == 0) {
cert = qcrypto_tls_creds_load_cert(creds,
certFile, isServer,
errp);