From: Peter Maydell <peter.mayd...@linaro.org>
Coverity notes that in qcrypto_get_x509_cert_fingerprint() we
call gnutls_x509_crt_init() but don't check for an error return.
Add the missing check.
Coverity: CID 1593155
Fixes: 10a1d34fc0d ("crypto: Introduce x509 utils")
Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
---
crypto/x509-utils.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c
index 8bad00a51b..39bb6d4d8c 100644
--- a/crypto/x509-utils.c
+++ b/crypto/x509-utils.c
@@ -46,7 +46,11 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, size_t
size,
return -1;
}
- gnutls_x509_crt_init(&crt);
+ if (gnutls_x509_crt_init(&crt) < 0) {
+ error_setg(errp, "Unable to initialize certificate: %s",
+ gnutls_strerror(ret));
+ return -1;
+ }
if (gnutls_x509_crt_import(crt, &datum, GNUTLS_X509_FMT_PEM) != 0) {
error_setg(errp, "Failed to import certificate");
--
2.50.1
