From: Iwan Timmer
Date: Mon, 17 Jun 2019 20:33:50 +0000 (+0200)
Subject: resolved: add missing error code check when initializing DNS-over-TLS
X-Git-Tag: v243-rc1~266^2~3
X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fsystemd.git;a=commitdiff_plain;h=71a681ae50175a569bf832d2615fd11994c41d73;hp=e22c5b20641e3ce6cd029cb40e3f4ed1330493bf
resolved: add missing error code check when initializing DNS-over-TLS
---
diff --git a/src/resolve/resolved-dnstls-gnutls.c b/src/resolve/resolved-dnstls-gnutls.c
index 7defd119a4b..d824d6ca5ac 100644
--- a/src/resolve/resolved-dnstls-gnutls.c
+++ b/src/resolve/resolved-dnstls-gnutls.c
@@ -194,14 +194,15 @@ void dnstls_server_free(DnsServer *server) {
 gnutls_free(server->dnstls_data.session_data.data);
 }
-void dnstls_manager_init(Manager *manager) {
+int dnstls_manager_init(Manager *manager) {
 int r;
 assert(manager);
- gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
- r = gnutls_certificate_set_x509_trust_file(manager->dnstls_data.cert_cred, manager->trusted_certificate_file, GNUTLS_X509_FMT_PEM);
+ r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
 if (r < 0)
- log_error("Failed to load trusted certificate file %s: %s", manager->trusted_certificate_file, gnutls_strerror(r));
+ return -ENOMEM;
+
+ return 0;
 }
 void dnstls_manager_free(Manager *manager) {
diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c
index 6b2e1b218f8..22d579a7f77 100644
--- a/src/resolve/resolved-dnstls-openssl.c
+++ b/src/resolve/resolved-dnstls-openssl.c
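Review bot: The new `if (r < 0) return -ENOMEM;` in dnstls_manager_init drops the GnuTLS error code and logs nothing, whereas the line it replaces reported the failure text via `gnutls_strerror(r)`; a failed credential allocation now reaches the caller only as a bare -ENOMEM with no journal entry naming the cause. I would keep a log line ahead of the return, e.g. `log_error("Failed to allocate TLS credentials: %s", gnutls_strerror(r));`. Collapsing every negative code to -ENOMEM is only accurate if allocation is the sole failure mode of gnutls_certificate_allocate_credentials, which deserves a one-line comment such as `/* only fails on allocation failure */` so a later reader does not assume other errors are mapped. With the trust-file load gone, cert_cred is returned with no trust anchors installed; if that is intentional for opportunistic use, a short comment on the function saying so would prevent it being read as an omission.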
@@ -344,17 +344,21 @@ void dnstls_server_free(DnsServer *server) {
 SSL_SESSION_free(server->dnstls_data.session);
 }
-void dnstls_manager_init(Manager *manager) {
+int dnstls_manager_init(Manager *manager) {
 int r;
 assert(manager);
 ERR_load_crypto_strings();
 SSL_load_error_strings();
 manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
- if (manager->dnstls_data.ctx) {
- SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
- SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
- }
+
+ if (!manager->dnstls_data.ctx)
+ return -ENOMEM;
+
+ SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
+ SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
+
+ return 0;
 }
 void dnstls_manager_free(Manager *manager) {
diff --git a/src/resolve/resolved-dnstls.h b/src/resolve/resolved-dnstls.h
index b01de2d9d20..2212821bdff 100644
--- a/src/resolve/resolved-dnstls.h
+++ b/src/resolve/resolved-dnstls.h
@@ -31,5 +31,5 @@ ssize_t dnstls_stream_read(DnsStream *stream, void *buf, size_t count);
 void dnstls_server_free(DnsServer *server);
-void dnstls_manager_init(Manager *manager);
+int dnstls_manager_init(Manager *manager);
 void dnstls_manager_free(Manager *manager);
diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
index 433d50cc2b5..02153b929fb 100644
--- a/src/resolve/resolved-manager.c
+++ b/src/resolve/resolved-manager.c
@@ -598,7 +598,9 @@ int manager_new(Manager **ret) {
 log_warning_errno(r, "Failed to parse configuration file: %m");
 #if ENABLE_DNS_OVER_TLS
- dnstls_manager_init(m);
+ r = dnstls_manager_init(m);
+ if (r < 0)
+ return r;
 #endif
 r = sd_event_default(&m->event);
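Review bot: `SSL_CTX_set_min_proto_version` returns 0 on failure and its result is still ignored on the new side, so a context that could not be pinned to TLS 1.2 or later would be reported as a successful init and later used with whatever floor OpenSSL defaulted to; given this commit's purpose, that check belongs here as well, e.g. `if (SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION) != 1) return -EIO;`. The `return -ENOMEM` for a NULL `SSL_CTX_new` result also discards the OpenSSL error queue that `SSL_load_error_strings()` was just set up to make readable; logging `ERR_error_string(ERR_get_error(), NULL)` before returning would keep the cause visible. If a failure is added after `SSL_CTX_new` succeeded, the ctx stays allocated — presumably dnstls_manager_free releases it through the caller's cleanup, but that is outside this hunk and worth confirming.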
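Review bot: The new early `return r;` in manager_new propagates the DNS-over-TLS init failure without any log line, while the neighbouring config-parse failure on the context line above is logged with `log_warning_errno`; an operator would see resolved fail to start with nothing pointing at TLS setup. I would write `return log_error_errno(r, "Failed to initialize DNS-over-TLS: %m");` instead of the bare return. Whether the partially constructed `m` is released on this early return depends on how `m` is declared earlier in manager_new, which is outside the hunk — worth confirming a cleanup attribute covers it. manager_new both starts and ends outside this hunk.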