From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 24 Feb 2015 14:10:15 +0000 (+0100)
Subject: nss: improve error handling in Curl_nss_random()
X-Git-Tag: curl-7_42_0~224
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7a1538d9cc0736e0a9ab13cf115db40a0bfbb152;p=thirdparty%2Fcurl.git

nss: improve error handling in Curl_nss_random()

The vtls layer now checks the return value, so it is no longer necessary
to abort if a random number cannot be provided by NSS.  This also fixes
the following Coverity report:

Error: FORWARD_NULL (CWE-476):
lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null.
lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it.
lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
---

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 16b9124f15..1dd56badbf 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1918,11 +1918,9 @@ int Curl_nss_random(struct SessionHandle *data,
   if(data)
     Curl_nss_seed(data);  /* Initiate the seed if not already done */
 
-  if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) {
-    /* no way to signal a failure from here, we have to abort */
-    failf(data, "PK11_GenerateRandom() failed, calling abort()...");
-    abort();
-  }
+  if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))
+    /* signal a failure */
+    return -1;
 
   return 0;
 }