[gnutls-devel] Use of gnutls_x509_trust_list_add_cas() function

Zaolin zaolin at das-labor.org
Tue Apr 8 23:19:00 CEST 2014


yesterday I browsed the code of gnutls and found some strange behaviour
in the check of a return value.The gnutls_x509_trust_list_add_cas
function returns the elements which has been added to the trust list.

 * gnutls_x509_trust_list_add_cas:
 * @list: The structure of the list
 * @clist: A list of CAs
 * @clist_size: The length of the CA list
 * @flags: should be 0.
 * This function will add the given certificate authorities
 * to the trusted list. The list of CAs must not be deinitialized
 * during this structure's lifetime.
 * Returns: The number of added elements is returned.
 * Since: 3.0

But in the whole gnutls code including the apps the return value is
checked like this:

ret = gnutls_x509_trust_list_add_cas
if( ret < 0 ) {

The return value of this function can never be negative as the
implementation shows. So it seems that this is a bug if I am right ?

I am thinking about catching all misused lines of code and submiting a

Regards Zaolin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140408/55a7aeec/attachment-0001.sig>

More information about the Gnutls-devel mailing list