crypto: fix mistaken setting of Error in success code path

The qcrypto_tls_session_check_certificate() method was setting an Error even when the ACL check suceeded. This didn't affect the callers detection of errors because they relied on the function return status, but this did cause a memory leak since the caller would not free an Error they did not expect to be set. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>

crypto: fix mistaken setting of Error in success code path
The qcrypto_tls_session_check_certificate() method was setting an Error even when the ACL check suceeded. This didn't affect the callers detection of errors because they relied on the function return status, but this did cause a memory leak since the caller would not free an Error they did not expect to be set. Signed-off-by: N Daniel P. Berrange <berrange@redhat.com>
6ef8cd7a · Daniel P. Berrange · 61b9251a · 6ef8cd7a
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

crypto/tlssession.c crypto/tlssession.c +2 -2

未找到文件。
--- a/crypto/tlssession.c
+++ b/crypto/tlssession.c
@@ -304,9 +304,9 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session,
                allow = qemu_acl_party_is_allowed(acl, session->peername);
-                error_setg(errp, "TLS x509 ACL check for %s is %s",
-                           session->peername, allow ? "allowed" : "denied");
                if (!allow) {
+                    error_setg(errp, "TLS x509 ACL check for %s is denied",
+                               session->peername);
                    goto error;
                }
            }