[glib-networking/mcatanzaro/ci] Refactor some code to work around a scan-build false-positive
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking/mcatanzaro/ci] Refactor some code to work around a scan-build false-positive
- Date: Thu, 9 Jul 2020 00:17:25 +0000 (UTC)
commit f8dd42185e3151f7dd4c03dc49f068ec08784a36
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Wed Jul 8 19:15:25 2020 -0500
Refactor some code to work around a scan-build false-positive
scan-build reports two false-positive warnings when processing this
code, complaining that we use zero-initialized memory when in fact we're
just assigning to it. It's not worth fighting so just refactor to avoid
it. scan-build is worth making a small change like this.
tls/gnutls/gtlsdatabase-gnutls.c | 58 +++++++++++++++++++++++++---------------
1 file changed, 36 insertions(+), 22 deletions(-)
---
diff --git a/tls/gnutls/gtlsdatabase-gnutls.c b/tls/gnutls/gtlsdatabase-gnutls.c
index fd191f2..3825a35 100644
--- a/tls/gnutls/gtlsdatabase-gnutls.c
+++ b/tls/gnutls/gtlsdatabase-gnutls.c
@@ -430,28 +430,44 @@ g_tls_database_gnutls_lookup_certificates_issued_by (GTlsDatabase *d
return issued;
}
+typedef struct {
+ gnutls_x509_crt_t *chain;
+ guint length;
+} CertificateChain;
+
+static CertificateChain *
+certificate_chain_new (void)
+{
+ return g_new0 (CertificateChain, 1);
+}
+
static void
-convert_certificate_chain_to_gnutls (GTlsCertificateGnutls *chain,
- gnutls_x509_crt_t **gnutls_chain,
- guint *gnutls_chain_length)
+certificate_chain_free (CertificateChain *chain)
+{
+ g_free (chain->chain);
+ g_free (chain);
+}
+
+static CertificateChain *
+convert_certificate_chain_to_gnutls (GTlsCertificateGnutls *chain)
{
GTlsCertificate *cert;
- guint i;
+ CertificateChain *gnutls_chain;
+ guint i = 0;
+
+ gnutls_chain = certificate_chain_new ();
- g_assert (gnutls_chain);
- g_assert (gnutls_chain_length);
+ for (cert = G_TLS_CERTIFICATE (chain); cert; cert = g_tls_certificate_get_issuer (cert))
+ gnutls_chain->length++;
- for (*gnutls_chain_length = 0, cert = G_TLS_CERTIFICATE (chain);
- cert; cert = g_tls_certificate_get_issuer (cert))
- ++(*gnutls_chain_length);
+ gnutls_chain->chain = g_new (gnutls_x509_crt_t, gnutls_chain->length);
- *gnutls_chain = g_new0 (gnutls_x509_crt_t, *gnutls_chain_length);
+ for (cert = G_TLS_CERTIFICATE (chain); cert; cert = g_tls_certificate_get_issuer (cert), i++)
+ gnutls_chain->chain[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
- for (i = 0, cert = G_TLS_CERTIFICATE (chain);
- cert; cert = g_tls_certificate_get_issuer (cert), ++i)
- (*gnutls_chain)[i] = g_tls_certificate_gnutls_get_cert (G_TLS_CERTIFICATE_GNUTLS (cert));
+ g_assert (i == gnutls_chain->length);
- g_assert (i == *gnutls_chain_length);
+ return gnutls_chain;
}
static GTlsCertificateFlags
@@ -468,8 +484,7 @@ g_tls_database_gnutls_verify_chain (GTlsDatabase *database,
GTlsDatabaseGnutlsPrivate *priv = g_tls_database_gnutls_get_instance_private (self);
GTlsCertificateFlags result;
guint gnutls_result;
- gnutls_x509_crt_t *certs;
- guint certs_length;
+ CertificateChain *gnutls_chain;
const char *hostname = NULL;
char *free_hostname = NULL;
int gerr;
@@ -481,15 +496,14 @@ g_tls_database_gnutls_verify_chain (GTlsDatabase *database,
if (g_cancellable_set_error_if_cancelled (cancellable, error))
return G_TLS_CERTIFICATE_GENERIC_ERROR;
- convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain),
- &certs, &certs_length);
+ gnutls_chain = convert_certificate_chain_to_gnutls (G_TLS_CERTIFICATE_GNUTLS (chain));
gerr = gnutls_x509_trust_list_verify_crt (priv->trust_list,
- certs, certs_length,
+ gnutls_chain->chain, gnutls_chain->length,
0, &gnutls_result, NULL);
if (gerr != 0 || g_cancellable_set_error_if_cancelled (cancellable, error))
{
- g_free (certs);
+ certificate_chain_free (gnutls_chain);
return G_TLS_CERTIFICATE_GENERIC_ERROR;
}
@@ -508,12 +522,12 @@ g_tls_database_gnutls_verify_chain (GTlsDatabase *database,
}
if (hostname)
{
- if (!gnutls_x509_crt_check_hostname (certs[0], hostname))
+ if (!gnutls_x509_crt_check_hostname (gnutls_chain->chain[0], hostname))
result |= G_TLS_CERTIFICATE_BAD_IDENTITY;
g_free (free_hostname);
}
- g_free (certs);
+ certificate_chain_free (gnutls_chain);
return result;
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
