[gcr] gcr-trust: Fix a potential NULL pointer dereference

[Stefan Walter <stefw src gnome org>]

commit decba1e6c29a480d35b454cba0e3d3d420ea2a2f
Author: Philip Withnall <philip withnall collabora co uk>
Date:   Fri Nov 29 11:59:12 2013 +0000

    gcr-trust: Fix a potential NULL pointer dereference
    
    The error handling in perform_add_pinned_certificate() didn’t allow for
    error to be NULL, but it could easily have been NULL since
    perform_add_pinned_certificate() is called from public functions with
    GError arguments.
    
    Rework the error handling to use a local GError and propagate it to the
    caller. This should prevent crashes if error is NULL.
    
    Found by scan-build.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=719545

 gcr/gcr-trust.c |   20 +++++++++-----------
 1 files changed, 9 insertions(+), 11 deletions(-)
---
diff --git a/gcr/gcr-trust.c b/gcr/gcr-trust.c
index e8e55e0..a77dc8f 100644
--- a/gcr/gcr-trust.c
+++ b/gcr/gcr-trust.c
@@ -340,15 +340,13 @@ perform_add_pinned_certificate (GckAttributes *search,
        en = gck_slots_enumerate_objects (slots, search, CKF_RW_SESSION);
        gck_list_unref_free (slots);
 
-       /* We need an error below */
-       if (error && !*error)
-               *error = lerr;
-
-       object = gck_enumerator_next (en, cancellable, error);
+       object = gck_enumerator_next (en, cancellable, &lerr);
        g_object_unref (en);
 
-       if (*error)
+       if (lerr != NULL) {
+               g_propagate_error (error, lerr);
                return FALSE;
+       }
 
        /* It already exists */
        if (object) {
@@ -363,17 +361,17 @@ perform_add_pinned_certificate (GckAttributes *search,
        /* Find an appropriate token */
        slot = gcr_pkcs11_get_trust_store_slot ();
        if (slot == NULL) {
-               g_set_error (error, GCK_ERROR, CKR_FUNCTION_FAILED,
+               g_set_error (&lerr, GCK_ERROR, CKR_FUNCTION_FAILED,
                             /* Translators: A pinned certificate is an exception which
                                trusts a given certificate explicitly for a purpose and
                                communication with a certain peer. */
                             _("Couldn't find a place to store the pinned certificate"));
                ret = FALSE;
        } else {
-               session = gck_slot_open_session (slot, CKF_RW_SESSION, NULL, error);
+               session = gck_slot_open_session (slot, CKF_RW_SESSION, NULL, &lerr);
                if (session != NULL) {
                        object = gck_session_create_object (session, gck_builder_end (&builder),
-                                                           cancellable, error);
+                                                           cancellable, &lerr);
                        if (object != NULL) {
                                g_object_unref (object);
                                ret = TRUE;
@@ -387,8 +385,8 @@ perform_add_pinned_certificate (GckAttributes *search,
 
        gck_builder_clear (&builder);
 
-       /* Our own local error pointer */
-       g_clear_error (&lerr);
+       if (!ret)
+               g_propagate_error (error, lerr);
 
        return ret;
 }