commit 6948ead152f81b2d66ba0636b0f0604cdc3bc554
author Adam Tkac <atkac@redhat.com> Wed Aug 11 15:58:59 2010 +0000
committer Adam Tkac <atkac@redhat.com> Wed Aug 11 15:58:59 2010 +0000
tree c9a17878e80bee4298f2764fcc239c2e39375fa9
parent 5522d61b7a7325bdcad49aa8ee878c05ddd0c241

[Bugfix] Check return codes from gnutls library every time.


git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4120 3789f03b-4d11-0410-bbf8-ca57d06f2519

common/rfb/CSecurityTLS.cxx

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 7b2456d..651f852 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -79,7 +79,8 @@
 void CSecurityTLS::shutdown()
 {
   if (session)
-    gnutls_bye(session, GNUTLS_SHUT_RDWR);
+    if (gnutls_bye(session, GNUTLS_SHUT_RDWR) != GNUTLS_E_SUCCESS)
+      throw Exception("gnutls_bye failed");
 
   if (anon_cred) {
     gnutls_anon_free_client_credentials(anon_cred);
@@ -128,8 +129,11 @@
     if (is->readU8() == 0)
       return true;
 
-    gnutls_init(&session, GNUTLS_CLIENT);
-    gnutls_set_default_priority(session);
+    if (gnutls_init(&session, GNUTLS_CLIENT) != GNUTLS_E_SUCCESS)
+      throw AuthFailureException("gnutls_init failed");
+
+    if (gnutls_set_default_priority(session) != GNUTLS_E_SUCCESS)
+      throw AuthFailureException("gnutls_set_default_priority failed");
 
     setParam();
     
@@ -166,14 +170,22 @@
 				     GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0 };
 
   if (anon) {
-    gnutls_kx_set_priority(session, kx_anon_priority);
-    gnutls_anon_allocate_client_credentials(&anon_cred);
-    gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred);
+    if (gnutls_kx_set_priority(session, kx_anon_priority) != GNUTLS_E_SUCCESS)
+      throw AuthFailureException("gnutls_kx_set_priority failed");
+
+    if (gnutls_anon_allocate_client_credentials(&anon_cred) != GNUTLS_E_SUCCESS)
+      throw AuthFailureException("gnutls_anon_allocate_client_credentials failed");
+
+    if (gnutls_credentials_set(session, GNUTLS_CRD_ANON, anon_cred) != GNUTLS_E_SUCCESS)
+      throw AuthFailureException("gnutls_credentials_set failed");
 
     vlog.debug("Anonymous session has been set");
   } else {
-    gnutls_kx_set_priority(session, kx_priority);
-    gnutls_certificate_allocate_credentials(&cert_cred);
+    if (gnutls_kx_set_priority(session, kx_priority) != GNUTLS_E_SUCCESS)
+      throw AuthFailureException("gnutls_kx_set_priority failed");
+
+    if (gnutls_certificate_allocate_credentials(&cert_cred) != GNUTLS_E_SUCCESS)
+      throw AuthFailureException("gnutls_certificate_allocate_credentials failed");
 
     if (*cafile && gnutls_certificate_set_x509_trust_file(cert_cred,cafile,GNUTLS_X509_FMT_PEM) < 0)
       throw AuthFailureException("load of CA cert failed");
@@ -181,7 +193,8 @@
     if (*crlfile && gnutls_certificate_set_x509_crl_file(cert_cred,crlfile,GNUTLS_X509_FMT_PEM) < 0)
       throw AuthFailureException("load of CRL failed");
 
-    gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred);
+    if (gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred) != GNUTLS_E_SUCCESS)
+      throw AuthFailureException("gnutls_credentials_set failed");
 
     vlog.debug("X509 session has been set");
   }