From: David Woodhouse <dwmw2@infradead.org>
Date: Wed, 28 Apr 2021 12:26:54 +0000 (+0100)
Subject: Ensure pulse_connect() can never attempt to monitor fd -1
X-Git-Tag: v8.20~244
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=808a702d05de982eb2e096d7c199c60f0fa1775c;p=users%2Fdwmw2%2Fopenconnect.git

Ensure pulse_connect() can never attempt to monitor fd -1

Coverity wasn't sure that this could never happen. I'm *fairly* sure but
let's add a check anyway.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---

diff --git a/pulse.c b/pulse.c
index 2e18c7d2..280cc4a3 100644
--- a/pulse.c
+++ b/pulse.c
@@ -2568,10 +2568,14 @@ int pulse_connect(struct openconnect_info *vpninfo)
 
 	if (!vpninfo->ip_info.mtu ||
 	    (!vpninfo->ip_info.addr && !vpninfo->ip_info.addr6)) {
-		vpn_progress(vpninfo, PRG_ERR, "Insufficient configuration found\n");
+		vpn_progress(vpninfo, PRG_ERR, _("Insufficient configuration found\n"));
 		return -EINVAL;
 	}
 
+	/* This should never happen, but be defensive and shut Coverity up */
+	if (vpninfo->ssl_fd == -1)
+		return -EIO;
+
 	ret = 0;
 	monitor_fd_new(vpninfo, ssl);
 	monitor_read_fd(vpninfo, ssl);