rpms / spice-gtk

Clone
Source Code
GIT

Blame SOURCES/0015-ssl_verify-Do-not-check-IP-if-we-fail-to-resolve-it.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s
  1.   c8s
  2.   SOURCES
  3.   0015-ssl_verify-Do-not-check-IP-if-we-fail-to-resolve-it.patch
Blob History Raw
adf827 
From c39cc1b1ef5165523f3394f06a65cc9a6c65b7ae Mon Sep 17 00:00:00 2001
adf827 
From: Frediano Ziglio <freddy77@gmail.com>
adf827 
Date: Thu, 27 Aug 2020 17:57:36 +0100
adf827 
Subject: [PATCH] ssl_verify: Do not check IP if we fail to resolve it
adf827
adf827 
There's no point on checking an empty IP address, an IP
adf827 
address is never empty.
adf827 
This also solve some compiler warnings trying to possibly
adf827 
pass a NULL pointer to memcmp or setting a variable without
adf827 
reading it.
adf827
adf827 
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
adf827 
Acked-by: Uri Lublin <uril@redhat.com>
adf827 
---
adf827 
 common/ssl_verify.c | 21 ++++++++++-----------
adf827 
 1 file changed, 10 insertions(+), 11 deletions(-)
adf827
adf827 
diff --git a/subprojects/spice-common/common/ssl_verify.c b/subprojects/spice-common/common/ssl_verify.c
adf827 
index dee719f..9ee8059 100644
adf827 
--- a/subprojects/spice-common/common/ssl_verify.c
adf827 
+++ b/subprojects/spice-common/common/ssl_verify.c
adf827 
@@ -196,21 +196,22 @@ static int verify_hostname(X509* cert, const char *hostname)
adf827 
                     return 1;
adf827 
                 }
adf827 
             } else if (name->type == GEN_IPADD) {
adf827 
-                GInetAddress * ip = NULL;
adf827 
-                const guint8 * ip_binary = NULL;
adf827 
-                int alt_ip_len = 0;
adf827 
-                int ip_len = 0;
adf827 
+                GInetAddress * ip;
adf827 
+                const guint8 * ip_binary;
adf827 
+                int alt_ip_len;
adf827 
+                int ip_len;
adf827
adf827 
                 found_dns_name = 1;
adf827
adf827 
                 ip = g_inet_address_new_from_string(hostname);
adf827 
-                if (ip != NULL) {
adf827 
-                    ip_len = g_inet_address_get_native_size(ip);
adf827 
-                    ip_binary = g_inet_address_to_bytes(ip);
adf827 
-                } else {
adf827 
+                if (ip == NULL) {
adf827 
                     spice_warning("Could not parse hostname: %s", hostname);
adf827 
+                    continue;
adf827 
                 }
adf827
adf827 
+                ip_len = g_inet_address_get_native_size(ip);
adf827 
+                ip_binary = g_inet_address_to_bytes(ip);
adf827 
+
adf827 
                 alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
adf827
adf827 
                 if ((ip_len == alt_ip_len) &&
adf827 
@@ -229,9 +230,7 @@ static int verify_hostname(X509* cert, const char *hostname)
adf827 
                     GENERAL_NAMES_free(subject_alt_names);
adf827 
                     return 1;
adf827 
                 }
adf827 
-                if (ip != NULL) {
adf827 
-                    g_object_unref(ip);
adf827 
-                }
adf827 
+                g_object_unref(ip);
adf827 
             }
adf827 
         }
adf827 
         GENERAL_NAMES_free(subject_alt_names);
adf827 
--
adf827 
2.28.0
adf827

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation