Ensure ca_list != NULL and ca_list_size > 0.

As ca_list_size is used in malloc, ensure that ca_list_size > 0.
If ca_list_size > 0, then ca_list cannot be NULL. Make these
assumptions explicit with argument condition check.

Signed-off-by: Tom Carroll <incentivedesign@gmail.com>

diff --git a/lib/cert-cred-x509.c b/lib/cert-cred-x509.c
index 03d20b1e6ff7a6c001bbea7cf07362339b482776..2d991ad6a542a38b5f07cc12de477992546c0361 100644 (file)
--- a/lib/cert-cred-x509.c
+++ b/lib/cert-cred-x509.c
@@ -1142,8 +1142,12 @@ gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res,
                                  int ca_list_size)
 {
        int ret, i, j;
-       gnutls_x509_crt_t *new_list = gnutls_malloc(ca_list_size * sizeof(gnutls_x509_crt_t));
+       gnutls_x509_crt_t *new_list;
 
+       if (ca_list == NULL || ca_list_size < 1)
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
+       new_list = gnutls_malloc(ca_list_size * sizeof(gnutls_x509_crt_t));
        if (!new_list)
                return GNUTLS_E_MEMORY_ERROR;