Gitweb:
https://git.exim.org/exim.git/commitdiff/2944124ccb62cbf64e44bc8e0894fb30307514da
Commit: 2944124ccb62cbf64e44bc8e0894fb30307514da
Parent: fc55624df0c1956b7b6b4ae35605a6b95704d022
Author: Heiko Schlittermann (HS12-RIPE) <hs@???>
AuthorDate: Fri Aug 30 13:44:01 2019 +0200
Committer: Heiko Schlittermann (HS12-RIPE) <hs@???>
CommitDate: Fri Aug 30 13:44:01 2019 +0200
Always check return from tls_export_cert()
Invert the meaning of the return.
---
src/src/deliver.c | 4 ++--
src/src/functions.h | 2 +-
src/src/spool_out.c | 8 ++++----
src/src/tlscert-gnu.c | 8 ++++----
src/src/tlscert-openssl.c | 6 +++---
5 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/src/deliver.c b/src/src/deliver.c
index a82a04f..59fbeea 100644
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -4826,7 +4826,7 @@ all pipes, so I do not see a reason to use non-blocking IO here
if (addr->peercert)
{
ptr = big_buffer;
- if (!tls_export_cert(ptr, big_buffer_size-2, addr->peercert))
+ if (tls_export_cert(ptr, big_buffer_size-2, addr->peercert))
while(*ptr++);
else
*ptr++ = 0;
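Review bot: The success branch `while(*ptr++);` walks `big_buffer` until it meets a NUL, so it relies on tls_export_cert() leaving a terminated string inside the `big_buffer_size-2` bytes it was given. That guarantee is not visible anywhere in this diff. Now that the test polarity has flipped, a short comment on each branch would help, for example `/* exported: step past the string and its NUL */` and `/* export failed: send an empty certificate field */`. The empty-body loop is also easy to misread; `ptr += Ustrlen(ptr) + 1;` says the same thing. The `addr->ourcert` branch in the next hunk has the identical pattern, and the enclosing function lies outside both hunks.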
@@ -4835,7 +4835,7 @@ all pipes, so I do not see a reason to use non-blocking IO here
if (addr->ourcert)
{
ptr = big_buffer;
- if (!tls_export_cert(ptr, big_buffer_size-2, addr->ourcert))
+ if (tls_export_cert(ptr, big_buffer_size-2, addr->ourcert))
while(*ptr++);
else
*ptr++ = 0;
diff --git a/src/src/functions.h b/src/src/functions.h
index ee0ad13..b9af77d 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -52,7 +52,7 @@ extern BOOL tls_client_start(client_conn_ctx *, smtp_connect_args *,
extern void tls_close(void *, int);
extern BOOL tls_could_read(void);
extern void tls_daemon_init(void);
-extern int tls_export_cert(uschar *, size_t, void *);
+extern BOOL tls_export_cert(uschar *, size_t, void *);
extern int tls_feof(void);
extern int tls_ferror(void);
extern void tls_free_cert(void **);
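Review bot: The prototype for `tls_export_cert` changes type and inverts its meaning, but nothing at the declaration says which value means success. If BOOL is an integer typedef (its definition is not shown here), a caller still written as `if (!tls_export_cert(...))` compiles cleanly and silently takes the wrong branch. I would document the contract on the declaration, e.g. `/* TRUE on success; on FALSE the contents of buf must not be used */`. Since the commit's aim is that the result is always checked, consider a warn-unused-result attribute if the project's compilers support one.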
diff --git a/src/src/spool_out.c b/src/src/spool_out.c
index 0dfa4de..acc6c7b 100644
--- a/src/src/spool_out.c
+++ b/src/src/spool_out.c
@@ -249,15 +249,15 @@ if (tls_in.certificate_verified) fprintf(fp, "-tls_certificate_verified\n");
if (tls_in.cipher) spool_var_write(fp, US"tls_cipher", tls_in.cipher);
if (tls_in.peercert)
{
- (void) tls_export_cert(big_buffer, big_buffer_size, tls_in.peercert);
- fprintf(fp, "--tls_peercert %s\n", CS big_buffer);
+ if (tls_export_cert(big_buffer, big_buffer_size, tls_in.peercert))
+ fprintf(fp, "--tls_peercert %s\n", CS big_buffer);
}
if (tls_in.peerdn) spool_var_write(fp, US"tls_peerdn", string_printing(tls_in.peerdn));
if (tls_in.sni) spool_var_write(fp, US"tls_sni", string_printing(tls_in.sni));
if (tls_in.ourcert)
{
- (void) tls_export_cert(big_buffer, big_buffer_size, tls_in.ourcert);
- fprintf(fp, "-tls_ourcert %s\n", CS big_buffer);
+ if (tls_export_cert(big_buffer, big_buffer_size, tls_in.ourcert))
+ fprintf(fp, "-tls_ourcert %s\n", CS big_buffer);
}
if (tls_in.ocsp) fprintf(fp, "-tls_ocsp %d\n", tls_in.ocsp);
# ifdef EXPERIMENTAL_TLS_RESUME
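Review bot: Both certificate branches now drop the spool line when the export fails, but the code does not say why that is the safe choice. The old code printed `big_buffer` unconditionally, so after a failed export it could write whatever the buffer held before. A comment would record the reason, e.g. `/* on failure big_buffer is not a valid certificate; omit the line rather than spool stale data */`. The nested `if` inside the existing braces would also read more clearly as `if (tls_in.peercert && tls_export_cert(...))`, and likewise for `tls_in.ourcert`. How the spool reader treats a missing certificate line is not visible here and should be confirmed.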
diff --git a/src/src/tlscert-gnu.c b/src/src/tlscert-gnu.c
index 4513581..f4d5360 100644
--- a/src/src/tlscert-gnu.c
+++ b/src/src/tlscert-gnu.c
@@ -21,12 +21,12 @@ tls.c when USE_GNUTLS has been set.
/*****************************************************
* Export/import a certificate, binary/printable
*****************************************************/
-int
+BOOL
tls_export_cert(uschar * buf, size_t buflen, void * cert)
{
size_t sz = buflen;
rmark reset_point = store_mark();
-int fail;
+BOOL fail;
const uschar * cp;
if ((fail = gnutls_x509_crt_export((gnutls_x509_crt_t)cert,
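Review bot: `BOOL fail` now receives the return of gnutls_x509_crt_export(), which is a GnuTLS error code that the following hunk passes to `gnutls_strerror(fail)`. If BOOL is a true boolean or an unsigned type (its definition is not visible in this diff), the code is narrowed or sign-converted before it reaches the log message, and the logged text may name the wrong error. Keep the library result in its own `int rc;`, log with `gnutls_strerror(rc)`, and use a separate BOOL only for the function's outcome. A negative-sense local called `fail` that is returned as `!fail` is also easy to get backwards; an `ok` flag set on the success path would match the new return convention. The export call's argument list continues outside this hunk.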
@@ -34,7 +34,7 @@ if ((fail = gnutls_x509_crt_export((gnutls_x509_crt_t)cert,
{
log_write(0, LOG_MAIN, "TLS error in certificate export: %s",
gnutls_strerror(fail));
- return 1;
+ return 0;
}
if ((cp = string_printing(buf)) != buf)
{
@@ -43,7 +43,7 @@ if ((cp = string_printing(buf)) != buf)
fail = 1;
}
store_reset(reset_point);
-return fail;
+return !fail;
}
int
diff --git a/src/src/tlscert-openssl.c b/src/src/tlscert-openssl.c
index 0aa65c8..845c301 100644
--- a/src/src/tlscert-openssl.c
+++ b/src/src/tlscert-openssl.c
@@ -34,11 +34,11 @@ library. It is #included into the tls.c file when that library is used.
/*****************************************************
* Export/import a certificate, binary/printable
*****************************************************/
-int
+BOOL
tls_export_cert(uschar * buf, size_t buflen, void * cert)
{
BIO * bp = BIO_new(BIO_s_mem());
-int fail;
+BOOL fail;
if ((fail = PEM_write_bio_X509(bp, (X509 *)cert) ? 0 : 1))
log_write(0, LOG_MAIN, "TLS error in certificate export: %s",
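Review bot: The result of `BIO_new(BIO_s_mem())` is used without a NULL check in a commit whose purpose is checking returns. If the allocation fails, `bp` is passed straight to `PEM_write_bio_X509()`, and whether that fails cleanly or dereferences NULL depends on the OpenSSL version in use. A guard directly after the declaration closes that gap, e.g. `if (!bp) return FALSE;`, ideally with a log line like the one used for the export error. The rest of the function body, including the read back into `buf`, lies outside this hunk.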
@@ -59,7 +59,7 @@ else
}
BIO_free(bp);
-return fail;
+return !fail;
}
int