Commit 7225bab P11: Don't return int failure from a bool function

2 files Authored by jhrozek 5 days ago , Committed by fidencio 5 days ago ,
P11: Don't return int failure from a bool function

The functions return bool as per their prototype, but returning EINVAL
on failure meant that EINVAL (typically 22) was converted to 'true', so
a certificate that was not processable was considered valid.

Luckily this code only converts certificates into SSH public keys, so
there are no security implications.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>

    
1 @@ -220,7 +220,7 @@
2       ret = b64_to_cert(p11_ctx, cert_b64, &cert);
3       if (ret != EOK) {
4           DEBUG(SSSDBG_OP_FAILURE, "Failed to convert certificate.\n");
5 -         return EINVAL;
6 +         return false;
7       }
8   
9       res = do_verification(p11_ctx, cert);
1 @@ -209,7 +209,7 @@
2       ret = b64_to_cert(cert_b64, &cert);
3       if (ret != EOK) {
4           DEBUG(SSSDBG_OP_FAILURE, "Failed to convert certificate.\n");
5 -         return EINVAL;
6 +         return false;
7       }
8   
9       res = do_verification(p11_ctx, cert);