#! /bin/sh /usr/share/dpatch/dpatch-run
## bts832577-gcry-control.dpatch by Florian Forster <octo@collectd.org>
## and Sebastian Harl <tokkee@debian.org>
##
## DP: network plugin, libcollectdclient: Check return value of gcry_control().
##
## Upstream commits:
## https://github.com/collectd/collectd/commit/8b4fed99
## https://github.com/collectd/collectd/commit/262915c4
## https://github.com/collectd/collectd/commit/a3000cbe
## Upstream report:
## https://github.com/collectd/collectd/issues/1665

@DPATCH@

diff a/src/libcollectdclient/network_buffer.c b/src/libcollectdclient/network_buffer.c
--- a/src/libcollectdclient/network_buffer.c
+++ b/src/libcollectdclient/network_buffer.c
@@ -131,12 +131,15 @@
   need_init = 0;
 
 #if HAVE_LIBGCRYPT
-  gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+  if (gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread))
+    return (0);
 
   if (!gcry_check_version (GCRYPT_VERSION))
     return (0);
 
-  gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0);
+  if (!gcry_control (GCRYCTL_INIT_SECMEM, 32768, 0))
+    return (0);
+
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
 
   result = 1;
diff a/src/network.c b/src/network.c
--- a/src/network.c
+++ b/src/network.c
@@ -493,13 +493,15 @@
 } /* }}} int network_dispatch_notification */
 
 #if HAVE_LIBGCRYPT
-static void network_init_gcrypt (void) /* {{{ */
+static int network_init_gcrypt (void) /* {{{ */
 {
+  gcry_error_t err;
+
   /* http://lists.gnupg.org/pipermail/gcrypt-devel/2003-August/000458.html
    * Because you can't know in a library whether another library has
    * already initialized the library */
   if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
-    return;
+    return (0);
 
  /* http://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html
   * To ensure thread-safety, it's important to set GCRYCTL_SET_THREAD_CBS
@@ -508,11 +510,25 @@
   * above doesn't count, as it doesn't implicitly initalize Libgcrypt.
   *
   * tl;dr: keep all these gry_* statements in this exact order please. */
-  gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+  err = gcry_control (GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
+  if (err)
+  {
+    ERROR ("network plugin: gcry_control (GCRYCTL_SET_THREAD_CBS) failed: %s", gcry_strerror (err));
+    return (-1);
+  }
+
   gcry_check_version (NULL);
-  gcry_control (GCRYCTL_INIT_SECMEM, 32768);
+
+  err = gcry_control (GCRYCTL_INIT_SECMEM, 32768);
+  if (err)
+  {
+    ERROR ("network plugin: gcry_control (GCRYCTL_INIT_SECMEM) failed: %s", gcry_strerror (err));
+    return (-1);
+  }
+
   gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
-} /* }}} void network_init_gcrypt */
+  return (0);
+} /* }}} int network_init_gcrypt */
 
 static gcry_cipher_hd_t network_get_aes256_cypher (sockent_t *se, /* {{{ */
     const void *iv, size_t iv_size, const char *username)
@@ -2050,7 +2066,12 @@
 	{
 		if (se->data.client.security_level > SECURITY_LEVEL_NONE)
 		{
-			network_init_gcrypt ();
+			if (network_init_gcrypt () < 0)
+			{
+				ERROR ("network plugin: Cannot configure client socket with "
+						"security: Failed to initialize crypto library.");
+				return (-1);
+			}
 
 			if ((se->data.client.username == NULL)
 					|| (se->data.client.password == NULL))
@@ -2070,7 +2091,12 @@
 	{
 		if (se->data.server.security_level > SECURITY_LEVEL_NONE)
 		{
-			network_init_gcrypt ();
+			if (network_init_gcrypt () < 0)
+			{
+				ERROR ("network plugin: Cannot configure server socket with "
+						"security: Failed to initialize crypto library.");
+				return (-1);
+			}
 
 			if (se->data.server.auth_file == NULL)
 			{
@@ -3395,7 +3421,11 @@
 	have_init = 1;
 
 #if HAVE_LIBGCRYPT
-	network_init_gcrypt ();
+	if (network_init_gcrypt () < 0)
+	{
+		ERROR ("network plugin: Failed to initialize crypto library.");
+		return (-1);
+	}
 #endif
 
 	if (network_config_stats != 0)