aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2015-02-24 15:10:15 +0100
committerKamil Dudka <kdudka@redhat.com>2015-02-25 10:23:06 +0100
commit7a1538d9cc0736e0a9ab13cf115db40a0bfbb152 (patch)
treef98de0cd2cc3b7fa67401429052ffbab77b2534f /lib/vtls
parent0409a7d969831759c2afc016dbe02909c0ab6caf (diff)
nss: improve error handling in Curl_nss_random()
The vtls layer now checks the return value, so it is no longer necessary to abort if a random number cannot be provided by NSS. This also fixes the following Coverity report: Error: FORWARD_NULL (CWE-476): lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null. lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it. lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/nss.c8
1 files changed, 3 insertions, 5 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 16b9124f1..1dd56badb 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1918,11 +1918,9 @@ int Curl_nss_random(struct SessionHandle *data,
if(data)
Curl_nss_seed(data); /* Initiate the seed if not already done */
- if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) {
- /* no way to signal a failure from here, we have to abort */
- failf(data, "PK11_GenerateRandom() failed, calling abort()...");
- abort();
- }
+ if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))
+ /* signal a failure */
+ return -1;
return 0;
}