Commit 9fe991d0a4 for qemu.org

commit 9fe991d0a490e18c64b02540b141ad8c3e2a477e
Author: Daniel P. Berrangé <berrange@redhat.com>
Date:   Wed Oct 29 14:12:47 2025 +0000

    crypto: remove redundant access() checks before loading certs

    The qcrypto_tls_creds_get_path method will perform an access()
    check on the file and return a NULL path if it fails. By the
    time we get to loading the cert files we know they must exist
    on disk and thus the second access() check is redundant.

    Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c
index 75c70af522..0acb17b6ec 100644
--- a/crypto/tlscredsx509.c
+++ b/crypto/tlscredsx509.c
@@ -496,8 +496,7 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
     size_t i;
     int ret = -1;

-    if (certFile &&
-        access(certFile, R_OK) == 0) {
+    if (certFile) {
         if (qcrypto_tls_creds_load_cert_list(creds,
                                              certFile,
                                              &certs,
@@ -508,16 +507,15 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds,
             goto cleanup;
         }
     }
-    if (access(cacertFile, R_OK) == 0) {
-        if (qcrypto_tls_creds_load_cert_list(creds,
-                                             cacertFile,
-                                             &cacerts,
-                                             &ncacerts,
-                                             isServer,
-                                             true,
-                                             errp) < 0) {
-            goto cleanup;
-        }
+
+    if (qcrypto_tls_creds_load_cert_list(creds,
+                                         cacertFile,
+                                         &cacerts,
+                                         &ncacerts,
+                                         isServer,
+                                         true,
+                                         errp) < 0) {
+        goto cleanup;
     }

     for (i = 0; i < ncerts; i++) {
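Review bot: The CA load `qcrypto_tls_creds_load_cert_list(creds, cacertFile, ...)` is now unconditional, so it relies on `cacertFile` never being NULL, while `certFile` in the hunk above keeps its explicit NULL test. The removed `access(cacertFile, R_OK) == 0` guard would have failed for a NULL path and skipped the load, whereas the new code passes the pointer straight to the loader. The commit message says the path lookup has already verified the file, but this hunk does not show whether the CA path is always requested as mandatory. I would state that invariant at the call site, with a comment such as `/* cacertFile is mandatory: resolved by the caller, never NULL here */` or with `assert(cacertFile != NULL);` before the call. The body of qcrypto_tls_creds_x509_sanity_check starts and ends outside this hunk, so the guarantee may be established in lines not shown.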