From 7a1538d9cc0736e0a9ab13cf115db40a0bfbb152 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Tue, 24 Feb 2015 15:10:15 +0100 Subject: [PATCH] nss: improve error handling in Curl_nss_random() The vtls layer now checks the return value, so it is no longer necessary to abort if a random number cannot be provided by NSS. This also fixes the following Coverity report: Error: FORWARD_NULL (CWE-476): lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null. lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it. lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data". --- lib/vtls/nss.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 16b9124f151050..1dd56badbf280e 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -1918,11 +1918,9 @@ int Curl_nss_random(struct SessionHandle *data, if(data) Curl_nss_seed(data); /* Initiate the seed if not already done */ - if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) { - /* no way to signal a failure from here, we have to abort */ - failf(data, "PK11_GenerateRandom() failed, calling abort()..."); - abort(); - } + if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) + /* signal a failure */ + return -1; return 0; }