rpms / spice-gtk

Clone
Source Code
GIT

Blame SOURCES/0015-ssl_verify-Do-not-check-IP-if-we-fail-to-resolve-it.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   c8
  2.   SOURCES
  3.   0015-ssl_verify-Do-not-check-IP-if-we-fail-to-resolve-it.patch
Blob History Raw
76100f 
From c39cc1b1ef5165523f3394f06a65cc9a6c65b7ae Mon Sep 17 00:00:00 2001
76100f 
From: Frediano Ziglio <freddy77@gmail.com>
76100f 
Date: Thu, 27 Aug 2020 17:57:36 +0100
76100f 
Subject: [PATCH] ssl_verify: Do not check IP if we fail to resolve it
76100f
76100f 
There's no point on checking an empty IP address, an IP
76100f 
address is never empty.
76100f 
This also solve some compiler warnings trying to possibly
76100f 
pass a NULL pointer to memcmp or setting a variable without
76100f 
reading it.
76100f
76100f 
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
76100f 
Acked-by: Uri Lublin <uril@redhat.com>
76100f 
---
76100f 
 common/ssl_verify.c | 21 ++++++++++-----------
76100f 
 1 file changed, 10 insertions(+), 11 deletions(-)
76100f
76100f 
diff --git a/subprojects/spice-common/common/ssl_verify.c b/subprojects/spice-common/common/ssl_verify.c
76100f 
index dee719f..9ee8059 100644
76100f 
--- a/subprojects/spice-common/common/ssl_verify.c
76100f 
+++ b/subprojects/spice-common/common/ssl_verify.c
76100f 
@@ -196,21 +196,22 @@ static int verify_hostname(X509* cert, const char *hostname)
76100f 
                     return 1;
76100f 
                 }
76100f 
             } else if (name->type == GEN_IPADD) {
76100f 
-                GInetAddress * ip = NULL;
76100f 
-                const guint8 * ip_binary = NULL;
76100f 
-                int alt_ip_len = 0;
76100f 
-                int ip_len = 0;
76100f 
+                GInetAddress * ip;
76100f 
+                const guint8 * ip_binary;
76100f 
+                int alt_ip_len;
76100f 
+                int ip_len;
76100f
76100f 
                 found_dns_name = 1;
76100f
76100f 
                 ip = g_inet_address_new_from_string(hostname);
76100f 
-                if (ip != NULL) {
76100f 
-                    ip_len = g_inet_address_get_native_size(ip);
76100f 
-                    ip_binary = g_inet_address_to_bytes(ip);
76100f 
-                } else {
76100f 
+                if (ip == NULL) {
76100f 
                     spice_warning("Could not parse hostname: %s", hostname);
76100f 
+                    continue;
76100f 
                 }
76100f
76100f 
+                ip_len = g_inet_address_get_native_size(ip);
76100f 
+                ip_binary = g_inet_address_to_bytes(ip);
76100f 
+
76100f 
                 alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
76100f
76100f 
                 if ((ip_len == alt_ip_len) &&
76100f 
@@ -229,9 +230,7 @@ static int verify_hostname(X509* cert, const char *hostname)
76100f 
                     GENERAL_NAMES_free(subject_alt_names);
76100f 
                     return 1;
76100f 
                 }
76100f 
-                if (ip != NULL) {
76100f 
-                    g_object_unref(ip);
76100f 
-                }
76100f 
+                g_object_unref(ip);
76100f 
             }
76100f 
         }
76100f 
         GENERAL_NAMES_free(subject_alt_names);
76100f 
--
76100f 
2.28.0
76100f

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation