From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Thu, 1 Apr 2021 08:48:36 +0000 (+0100)
Subject: resolved: use _cleanup_(gcry_md_closep) in one more place
X-Git-Tag: v249-rc1~487
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=677ba9d062850cc37c31316ecba241a7d6c48af5;p=thirdparty%2Fsystemd.git

resolved: use _cleanup_(gcry_md_closep) in one more place

Documentation says gcry_md_close will ignore a NULL input so should be safe:

https://gnupg.org/documentation/manuals/gcrypt/Working-with-hash-algorithms.html

Makes Coverity happy, follow-up for 248b1e0aa4

CID #1451555
---

diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c
index d14e5a90af0..a107769130b 100644
--- a/src/resolve/resolved-dns-dnssec.c
+++ b/src/resolve/resolved-dns-dnssec.c
@@ -1205,7 +1205,7 @@ static int nsec3_hash_to_gcrypt_md(uint8_t algorithm) {
 
 int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
         uint8_t wire_format[DNS_WIRE_FORMAT_HOSTNAME_MAX];
-        gcry_md_hd_t md = NULL;
+        _cleanup_(gcry_md_closep) gcry_md_hd_t md = NULL;
         gcry_error_t err;
         size_t hash_size;
         int algorithm;
@@ -1249,10 +1249,8 @@ int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
         gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
 
         result = gcry_md_read(md, 0);
-        if (!result) {
-                r = -EIO;
-                goto finish;
-        }
+        if (!result)
+                return -EIO;
 
         for (k = 0; k < nsec3->nsec3.iterations; k++) {
                 uint8_t tmp[hash_size];
@@ -1263,18 +1261,12 @@ int dnssec_nsec3_hash(DnsResourceRecord *nsec3, const char *name, void *ret) {
                 gcry_md_write(md, nsec3->nsec3.salt, nsec3->nsec3.salt_size);
 
                 result = gcry_md_read(md, 0);
-                if (!result) {
-                        r = -EIO;
-                        goto finish;
-                }
+                if (!result)
+                        return -EIO;
         }
 
         memcpy(ret, result, hash_size);
-        r = (int) hash_size;
-
-finish:
-        gcry_md_close(md);
-        return r;
+        return (int) hash_size;
 }
 
 static int nsec3_is_good(DnsResourceRecord *rr, DnsResourceRecord *nsec3) {