Hi,
On 02-01-18 20:19, Selva Nair wrote:
> On Fri, Dec 29, 2017 at 5:18 AM, Steffan Karger
> <steffan.kar...@fox-it.com> wrote:
>> @@ -557,13 +557,15 @@ verify_cert_export_cert(openvpn_x509_cert_t *peercert,
>> const char *tmp_dir, stru
>> peercert_file = fopen(peercert_filename, "w+");
>> if (!peercert_file)
>> {
>> - msg(M_ERR, "Failed to open temporary file : %s", peercert_filename);
>> + msg(M_NONFATAL|M_ERRNO, "Failed to open temporary file: %s",
>> + peercert_filename);
>> return NULL;
>> }
>>
>> if (SUCCESS != x509_write_pem(peercert_file, peercert))
>
> The openssl version of x509_write_pem() called here could fail with
> M_ERR --- is that already fixed in one of the pending patches? If not,
> why not make that one too non-fatal?
No, not fixed in the pending patches. Good catch, will fix.
>> {
>> - msg(M_ERR, "Error writing PEM file containing certificate");
>> + msg(M_NONFATAL, "Error writing PEM file containing certificate");
>
> Yeah, not including M_ERRNO looks like the right thing to do here.
>
>> + peercert_filename = NULL;
>
> This could potentially lead to a stale tempfile left behind. Could be
> fixed by unlinking here? Successfully exported cert file does get unlinked
> after the verify script returns.
Also good point, will fix.
> Sorry, earlier I only made a hasty remark about the error flag and did not do
> a proper review...
No worries, thanks for reviewing! v3 coming soon.
-Steffan
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
