Commit 7a1538d9 authored by Kamil Dudka's avatar Kamil Dudka
Browse files

nss: improve error handling in Curl_nss_random() 

The vtls layer now checks the return value, so it is no longer necessary
to abort if a random number cannot be provided by NSS.  This also fixes
the following Coverity report:

Error: FORWARD_NULL (CWE-476):
lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null.
lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it.
lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
parent 0409a7d9

lib/vtls/nss.c

+3 −5
Original line number Diff line number Diff line
@@ -1918,11 +1918,9 @@ int Curl_nss_random(struct SessionHandle *data, 
  if(data)

    Curl_nss_seed(data);  /* Initiate the seed if not already done */



  if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length))) {

    /* no way to signal a failure from here, we have to abort */

    failf(data, "PK11_GenerateRandom() failed, calling abort()...");

    abort();

  }

  if(SECSuccess != PK11_GenerateRandom(entropy, curlx_uztosi(length)))

    /* signal a failure */

    return -1;



  return 0;

}