On 17 Mar 2026, at 19:55, Mike Pattrick via dev wrote:
> Previously read_cert_file() only checked for EOF as returned by getc
> when reading a cert file. This patch checks for ferror and feof before
> continuing to loop over file contents.
>
> Found with clang analyze.
>
> Fixes: 9467fe624698 ("Add SSL support to "stream" library and OVSDB.")
> Signed-off-by: Mike Pattrick <[email protected]>
Hi Mike,
See comment below.
//Eelco
> ---
> lib/stream-ssl.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
> index c8eb26b2a..aafe4a90d 100644
> --- a/lib/stream-ssl.c
> +++ b/lib/stream-ssl.c
> @@ -1421,7 +1421,11 @@ read_cert_file(const char *file_name, X509 ***certs,
> size_t *n_certs)
> /* Are there additional certificates in the file? */
> do {
> c = getc(file);
> - } while (isspace(c));
> + if (ferror(file)) {
> + c = EOF;
> + break;
> + }
> + } while (isspace(c) && !feof(file));
Would only the below not be enough? getc() should return EOF on error
or end of file, no need to call feof()/ferror() explicitly (I think).
} while (c != EOF && isspace(c));
> if (c == EOF) {
> break;
> }
> --
> 2.53.0
>
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
