rpms / spice-gtk

Clone
Source Code
GIT

Blame SOURCES/0015-ssl_verify-Do-not-check-IP-if-we-fail-to-resolve-it.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   7492b2cadfdde886a967c4d2359a9e0f0cf6263f
  2.   SOURCES
  3.   0015-ssl_verify-Do-not-check-IP-if-we-fail-to-resolve-it.patch
Blob History Raw
7492b2 
From c39cc1b1ef5165523f3394f06a65cc9a6c65b7ae Mon Sep 17 00:00:00 2001
7492b2 
From: Frediano Ziglio <freddy77@gmail.com>
7492b2 
Date: Thu, 27 Aug 2020 17:57:36 +0100
7492b2 
Subject: [PATCH] ssl_verify: Do not check IP if we fail to resolve it
7492b2
7492b2 
There's no point on checking an empty IP address, an IP
7492b2 
address is never empty.
7492b2 
This also solve some compiler warnings trying to possibly
7492b2 
pass a NULL pointer to memcmp or setting a variable without
7492b2 
reading it.
7492b2
7492b2 
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
7492b2 
Acked-by: Uri Lublin <uril@redhat.com>
7492b2 
---
7492b2 
 common/ssl_verify.c | 21 ++++++++++-----------
7492b2 
 1 file changed, 10 insertions(+), 11 deletions(-)
7492b2
7492b2 
diff --git a/subprojects/spice-common/common/ssl_verify.c b/subprojects/spice-common/common/ssl_verify.c
7492b2 
index dee719f..9ee8059 100644
7492b2 
--- a/subprojects/spice-common/common/ssl_verify.c
7492b2 
+++ b/subprojects/spice-common/common/ssl_verify.c
7492b2 
@@ -196,21 +196,22 @@ static int verify_hostname(X509* cert, const char *hostname)
7492b2 
                     return 1;
7492b2 
                 }
7492b2 
             } else if (name->type == GEN_IPADD) {
7492b2 
-                GInetAddress * ip = NULL;
7492b2 
-                const guint8 * ip_binary = NULL;
7492b2 
-                int alt_ip_len = 0;
7492b2 
-                int ip_len = 0;
7492b2 
+                GInetAddress * ip;
7492b2 
+                const guint8 * ip_binary;
7492b2 
+                int alt_ip_len;
7492b2 
+                int ip_len;
7492b2
7492b2 
                 found_dns_name = 1;
7492b2
7492b2 
                 ip = g_inet_address_new_from_string(hostname);
7492b2 
-                if (ip != NULL) {
7492b2 
-                    ip_len = g_inet_address_get_native_size(ip);
7492b2 
-                    ip_binary = g_inet_address_to_bytes(ip);
7492b2 
-                } else {
7492b2 
+                if (ip == NULL) {
7492b2 
                     spice_warning("Could not parse hostname: %s", hostname);
7492b2 
+                    continue;
7492b2 
                 }
7492b2
7492b2 
+                ip_len = g_inet_address_get_native_size(ip);
7492b2 
+                ip_binary = g_inet_address_to_bytes(ip);
7492b2 
+
7492b2 
                 alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
7492b2
7492b2 
                 if ((ip_len == alt_ip_len) &&
7492b2 
@@ -229,9 +230,7 @@ static int verify_hostname(X509* cert, const char *hostname)
7492b2 
                     GENERAL_NAMES_free(subject_alt_names);
7492b2 
                     return 1;
7492b2 
                 }
7492b2 
-                if (ip != NULL) {
7492b2 
-                    g_object_unref(ip);
7492b2 
-                }
7492b2 
+                g_object_unref(ip);
7492b2 
             }
7492b2 
         }
7492b2 
         GENERAL_NAMES_free(subject_alt_names);
7492b2 
--
7492b2 
2.28.0
7492b2

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation