From: Tom Carroll <incentivedesign@gmail.com>
Date: Fri, 24 Apr 2020 06:15:59 +0000 (-0700)
Subject: Distinguish out of memory from insufficient creds
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=1e1ba280c4d3495d5f09dd9dec3ae3a8fe89aee7;p=users%2Fdwmw2%2Fopenconnect.git

Distinguish out of memory from insufficient creds

Signed-off-by: Tom Carroll <incentivedesign@gmail.com>
---

diff --git a/gnutls.c b/gnutls.c
index df30b730..111f3746 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -624,9 +624,17 @@ static int assign_privkey(struct openconnect_info *vpninfo,
 			  unsigned int nr_certs)
 {
 	gnutls_pcert_st *pcerts = calloc(nr_certs, sizeof(*pcerts));
-	int i, err;
+	unsigned int i;
+	int err;
 
-	if (!pcerts)
+	/**
+	 * Added check for nr_certs > 0 to allow the caller to
+	 * distinguish between out of memory (signaled by
+	 * GNUTLS_E_MEMORY_ERROR) and when either pkey == NULL or
+	 * nr_certs == 0. In these cases, GNUTLS_E_INSUFFICIENT_CREDENTIALS
+	 * is signaled.
+	 */
+	if (nr_certs > 0 && pcerts == NULL)
 		return GNUTLS_E_MEMORY_ERROR;
 
 	for (i = 0 ; i < nr_certs; i++) {