On Mon, Mar 23, 2026 at 9:36 AM Eelco Chaudron <[email protected]> wrote:
>
>
> On 17 Mar 2026, at 19:55, Mike Pattrick via dev wrote:
>
> > Previously read_cert_file() only checked for EOF as returned by getc
> > when reading a cert file. This patch checks for ferror and feof before
> > continuing to loop over file contents.
> >
> > Found with clang analyze.
> >
> > Fixes: 9467fe624698 ("Add SSL support to "stream" library and OVSDB.")
> > Signed-off-by: Mike Pattrick <[email protected]>
> Hi Mike,
>
> See comment below.
>
> //Eelco
>
> > ---
> > lib/stream-ssl.c | 6 +++++-
> > 1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
> > index c8eb26b2a..aafe4a90d 100644
> > --- a/lib/stream-ssl.c
> > +++ b/lib/stream-ssl.c
> > @@ -1421,7 +1421,11 @@ read_cert_file(const char *file_name, X509
> ***certs, size_t *n_certs)
> > /* Are there additional certificates in the file? */
> > do {
> > c = getc(file);
> > - } while (isspace(c));
> > + if (ferror(file)) {
> > + c = EOF;
> > + break;
> > + }
> > + } while (isspace(c) && !feof(file));
>
> Would only the below not be enough? getc() should return EOF on error
> or end of file, no need to call feof()/ferror() explicitly (I think).
>
> } while (c != EOF && isspace(c));
>
>
You're right! I was under the incorrect assumption that the getc returncode
is undefined in ferror, but that isn't correct. Your solution is better.
-M
> > if (c == EOF) {
> > break;
> > }
> > --
> > 2.53.0
> >
> > _______________________________________________
> > dev mailing list
> > [email protected]
> > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
