fridtjof/qemu-cr16
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

crypto: remove redundant access() checks before loading certs

Browse source 
The qcrypto_tls_creds_get_path method will perform an access()
check on the file and return a NULL path if it fails. By the
time we get to loading the cert files we know they must exist
on disk and thus the second access() check is redundant.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2025-10-29 14:12:47 +00:00
parent 2114ae9faa
commit 9fe991d0a4
1 changed files with 10 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

22
crypto/tlscredsx509.c
View file

@ -496,8 +496,7 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
size_t i;
int ret = -1;
if (certFile &&
access(certFile, R_OK) == 0) {
if (certFile) {
if (qcrypto_tls_creds_load_cert_list(creds,
certFile,
&certs,
@ -508,16 +507,15 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
goto cleanup;
}
}
if (access(cacertFile, R_OK) == 0) {
if (qcrypto_tls_creds_load_cert_list(creds,
cacertFile,
&cacerts,
&ncacerts,
isServer,
true,
errp) < 0) {
goto cleanup;
}
if (qcrypto_tls_creds_load_cert_list(creds,
cacertFile,
&cacerts,
&ncacerts,
isServer,
true,
errp) < 0) {
goto cleanup;
}
for (i = 0; i < ncerts; i++) {