commit d8fb8d92168279d2df1d86ba1cb474d66829a8e0
author Adrien Béraud <adrien.beraud@savoirfairelinux.com> Thu Dec 07 10:08:38 2023 -0500
committer Adrien Béraud <adrien.beraud@savoirfairelinux.com> Thu Dec 07 10:08:46 2023 -0500
tree bd2923f420176707f9f15d369b2abf2e1dcdcc8e
parent b1bcdecbac2a41de3941ef5a34faa6fbe4472535

certstore: avoid accessing invalid iterator

In the else branch, `s` is always an invalid iterator.
Use `us` instead.

Change-Id: Ib517dce22f3bde103f753b325e919f86db299623

src/security/certstore.cpp

diff --git a/src/security/certstore.cpp b/src/security/certstore.cpp
index 0c2f0e8..8bd9236 100644
--- a/src/security/certstore.cpp
+++ b/src/security/certstore.cpp
@@ -604,12 +604,14 @@
     auto cert = certStore_.getCertificate(cert_id);
     if (!cert)
         return PermissionStatus::UNDEFINED;
-    auto allowed = false; auto found = false;
+    auto allowed = false;
+    auto found = false;
     while (cert) {
         auto s = certStatus_.find(cert->getId().toString());
         if (s != std::end(certStatus_)) {
             if (!found) {
-                found = true; allowed = true; // we need to find at least a certificate
+                found = true;
+                allowed = true; // we need to find at least a certificate
             }
             allowed &= s->second.second.allowed;
             if (!allowed)
@@ -618,10 +620,11 @@
             auto us = unknownCertStatus_.find(cert->getId().toString());
             if (us != std::end(unknownCertStatus_)) {
                 if (!found) {
-                    found = true; allowed = true; // we need to find at least a certificate
+                    found = true;
+                    allowed = true; // we need to find at least a certificate
                 }
-                allowed &= s->second.second.allowed;
-                if (!us->second.allowed)
+                allowed &= us->second.allowed;
+                if (!allowed)
                     return PermissionStatus::BANNED;
             }
         }