s4:rpc_server: Check return values of gnutls functions (CID 1452111)
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Fri, 6 Oct 2023 01:24:51 +0000 (14:24 +1300)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 13 Oct 2023 02:18:31 +0000 (02:18 +0000)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/rpc_server/backupkey/dcesrv_backupkey.c

index b872ea688b4cc41ec4f62168baf3b2f8b9f25ed9..47e338f546c34162d318a6f569b3e48493963a82 100644 (file)
@@ -431,11 +431,18 @@ static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx,
                        return WERR_INVALID_DATA;
                }
 
-               gnutls_hash_init(&dig_ctx, GNUTLS_DIG_SHA1);
-               gnutls_hash(dig_ctx,
-                           blob_us.data,
-                           blob_us.length - hash_size);
+               rc = gnutls_hash_init(&dig_ctx, GNUTLS_DIG_SHA1);
+               if (rc != GNUTLS_E_SUCCESS) {
+                       return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+               }
+               rc = gnutls_hash(dig_ctx,
+                                blob_us.data,
+                                blob_us.length - hash_size);
                gnutls_hash_deinit(dig_ctx, hash);
+               if (rc != GNUTLS_E_SUCCESS) {
+                       return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+               }
+
                /*
                 * We free it after the sha1 calculation because blob.data
                 * point to the same area
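Review bot: The two new error returns (after `gnutls_hash_init` and after `gnutls_hash_deinit`) leave the function before the free that the trailing comment describes. That free lies outside this hunk, as do the start and end of `get_and_verify_access_check`. If the buffer behind `blob_us` is not owned by `sub_ctx`, these paths would skip releasing it, so it is worth confirming the ownership or freeing it before each return; the SHA-512 hunk further down has the same shape. Calling `gnutls_hash_deinit` ahead of the `rc` check looks deliberate and deserves a comment such as `/* deinit first so dig_ctx is released even when gnutls_hash() failed */`.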
@@ -465,11 +472,17 @@ static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx,
                        return WERR_INVALID_DATA;
                }
 
-               gnutls_hash_init(&dig_ctx, GNUTLS_DIG_SHA512);
-               gnutls_hash(dig_ctx,
-                           blob_us.data,
-                           blob_us.length - hash_size);
+               rc = gnutls_hash_init(&dig_ctx, GNUTLS_DIG_SHA512);
+               if (rc != GNUTLS_E_SUCCESS) {
+                       return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+               }
+               rc = gnutls_hash(dig_ctx,
+                                blob_us.data,
+                                blob_us.length - hash_size);
                gnutls_hash_deinit(dig_ctx, hash);
+               if (rc != GNUTLS_E_SUCCESS) {
+                       return gnutls_error_to_werror(rc, WERR_INTERNAL_ERROR);
+               }
 
                /*
                 * We free it after the sha1 calculation because blob.data