From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58805) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zz4xf-0005MY-Nh for qemu-devel@nongnu.org; Wed, 18 Nov 2015 10:47:56 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Zz4xf-0001Zv-1D for qemu-devel@nongnu.org; Wed, 18 Nov 2015 10:47:55 -0500 Received: from mx1.redhat.com ([209.132.183.28]:41246) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zz4xe-0001Zm-T2 for qemu-devel@nongnu.org; Wed, 18 Nov 2015 10:47:54 -0500 From: "Daniel P. Berrange" Date: Wed, 18 Nov 2015 15:47:44 +0000 Message-Id: <1447861664-16283-5-git-send-email-berrange@redhat.com> In-Reply-To: <1447861664-16283-1-git-send-email-berrange@redhat.com> References: <1447861664-16283-1-git-send-email-berrange@redhat.com> Subject: [Qemu-devel] [PULL v1 (for 2.5) 4/4] crypto: avoid passing NULL to access() syscall List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Peter Maydell The qcrypto_tls_creds_x509_sanity_check() checks whether certs exist by calling access(). It is valid for this method to be invoked with certfile==NULL though, since for client credentials the cert is optional. This caused it to call access(NULL), which happens to be harmless on current Linux, but should none the less be avoided. Signed-off-by: Daniel P. Berrange --- crypto/tlscredsx509.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index c5d1a0d..d080deb 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -485,7 +485,8 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds, int ret = -1; memset(cacerts, 0, sizeof(cacerts)); - if (access(certFile, R_OK) == 0) { + if (certFile && + access(certFile, R_OK) == 0) { cert = qcrypto_tls_creds_load_cert(creds, certFile, isServer, errp); -- 2.5.0