From f09e336b3aa86bfae07401a837ec639d127f3b8f Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Thu, 20 May 2021 10:36:18 +0100 Subject: [PATCH] resolved: check return value of gcrypt APIs Coverity complains about missing error check. CID #1453234 --- src/resolve/resolved-dns-dnssec.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/resolve/resolved-dns-dnssec.c b/src/resolve/resolved-dns-dnssec.c index 4fa3c1d995d..91da5b65156 100644 --- a/src/resolve/resolved-dns-dnssec.c +++ b/src/resolve/resolved-dns-dnssec.c @@ -805,7 +805,9 @@ int dnssec_verify_rrset( case DNSSEC_ALGORITHM_ED448: *result = DNSSEC_UNSUPPORTED_ALGORITHM; return 0; - default: + default: { + gcry_error_t err; + /* OK, the RRs are now in canonical order. Let's calculate the digest */ md_algorithm = algorithm_to_gcrypt_md(rrsig->rrsig.algorithm); if (md_algorithm == -EOPNOTSUPP) { @@ -815,8 +817,8 @@ int dnssec_verify_rrset( if (md_algorithm < 0) return md_algorithm; - gcry_md_open(&md, md_algorithm, 0); - if (!md) + err = gcry_md_open(&md, md_algorithm, 0); + if (gcry_err_code(err) != GPG_ERR_NO_ERROR || !md) return -EIO; hash_size = gcry_md_get_algo_dlen(md_algorithm); @@ -828,6 +830,7 @@ int dnssec_verify_rrset( if (!hash) return -EIO; } + } switch (rrsig->rrsig.algorithm) { -- 2.47.3