virtual: Prefer fixed closures to libffi closures

On some circumstances (such as when loading p11-kit-proxy from httpd),
it is known that creation of libffi closure always fails, due to
SELinux policy.  Although this is harmless, it pollutes the journal
and gives wrong hints when troubleshooting.  This patch changes the
order of preference of libffi vs pre-compiled closures to avoid that.

1 files changed, 14 insertions, 5 deletions

diff --git a/p11-kit/virtual.c b/p11-kit/virtual.c
index 6abfe7a..338239f 100644
--- a/p11-kit/virtual.c
+++ b/p11-kit/virtual.c
@@ -2832,9 +2832,14 @@ p11_virtual_wrap (p11_virtual *virt,
                   p11_destroyer destroyer)
 {
 	Wrapper *wrapper;
+	CK_FUNCTION_LIST *result;
 
 	return_val_if_fail (virt != NULL, NULL);
 
+	result = p11_virtual_wrap_fixed (virt, destroyer);
+	if (result)
+		return result;
+
 	wrapper = calloc (1, sizeof (Wrapper));
 	return_val_if_fail (wrapper != NULL, NULL);
 
@@ -2844,8 +2849,10 @@ p11_virtual_wrap (p11_virtual *virt,
 	wrapper->bound.version.minor = CRYPTOKI_VERSION_MINOR;
 	wrapper->fixed_index = -1;
 
-	if (!init_wrapper_funcs (wrapper))
-		return p11_virtual_wrap_fixed (virt, destroyer);
+	if (!init_wrapper_funcs (wrapper)) {
+		free (wrapper);
+		return_val_if_reached (NULL);
+	}
 
 	assert ((void *)wrapper == (void *)&wrapper->bound);
 	assert (p11_virtual_is_wrapper (&wrapper->bound));
@@ -2859,7 +2866,11 @@ CK_FUNCTION_LIST *
 p11_virtual_wrap (p11_virtual *virt,
                   p11_destroyer destroyer)
 {
-	return p11_virtual_wrap_fixed (virt, destroyer);
+	CK_FUNCTION_LIST *result;
+
+	result = p11_virtual_wrap_fixed (virt, destroyer);
+	return_val_if_fail (result != NULL, NULL);
+	return result;
 }
 
 #endif /* !FFI_CLOSURES */
@@ -3068,8 +3079,6 @@ p11_virtual_wrap_fixed (p11_virtual *virt,
 	}
 	p11_mutex_unlock (&p11_virtual_mutex);
 
-	return_val_if_fail (result != NULL, NULL);
-
 	return result;
 }