From 1e1ba280c4d3495d5f09dd9dec3ae3a8fe89aee7 Mon Sep 17 00:00:00 2001
From: Tom Carroll <incentivedesign@gmail.com>
Date: Thu, 23 Apr 2020 23:15:59 -0700
Subject: [PATCH] Distinguish out of memory from insufficient creds

Signed-off-by: Tom Carroll <incentivedesign@gmail.com>
---
 gnutls.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/gnutls.c b/gnutls.c
index df30b730..111f3746 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -624,9 +624,17 @@ static int assign_privkey(struct openconnect_info *vpninfo,
 			  unsigned int nr_certs)
 {
 	gnutls_pcert_st *pcerts = calloc(nr_certs, sizeof(*pcerts));
-	int i, err;
+	unsigned int i;
+	int err;
 
-	if (!pcerts)
+	/**
+	 * Added check for nr_certs > 0 to allow the caller to
+	 * distinguish between out of memory (signaled by
+	 * GNUTLS_E_MEMORY_ERROR) and when either pkey == NULL or
+	 * nr_certs == 0. In these cases, GNUTLS_E_INSUFFICIENT_CREDENTIALS
+	 * is signaled.
+	 */
+	if (nr_certs > 0 && pcerts == NULL)
 		return GNUTLS_E_MEMORY_ERROR;
 
 	for (i = 0 ; i < nr_certs; i++) {
-- 
2.50.1