diff options
author | Kamil Dudka <kdudka@redhat.com> | 2015-02-24 15:10:15 +0100 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2015-02-25 10:23:06 +0100 |
commit | 7a1538d9cc0736e0a9ab13cf115db40a0bfbb152 (patch) | |
tree | f98de0cd2cc3b7fa67401429052ffbab77b2534f /lib | |
parent | 0409a7d969831759c2afc016dbe02909c0ab6caf (diff) |
nss: improve error handling in Curl_nss_random()
The vtls layer now checks the return value, so it is no longer necessary
to abort if a random number cannot be provided by NSS. This also fixes
the following Coverity report:
Error: FORWARD_NULL (CWE-476):
lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null.
lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it.
lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vtls/nss.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 16b9124f1..1dd56badb 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -1918,11 +1918,9 @@ int Curl_nss_random(struct SessionHandle *data, if(data) Curl_nss_seed(data); /* Initiate the seed if not already done */ - if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) { - /* no way to signal a failure from here, we have to abort */ - failf(data, "PK11_GenerateRandom() failed, calling abort()..."); - abort(); - } + if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) + /* signal a failure */ + return -1; return 0; } |