From c39cc1b1ef5165523f3394f06a65cc9a6c65b7ae Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Thu, 27 Aug 2020 17:57:36 +0100
Subject: [PATCH] ssl_verify: Do not check IP if we fail to resolve it
There's no point on checking an empty IP address, an IP
address is never empty.
This also solve some compiler warnings trying to possibly
pass a NULL pointer to memcmp or setting a variable without
reading it.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
common/ssl_verify.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/subprojects/spice-common/common/ssl_verify.c b/subprojects/spice-common/common/ssl_verify.c
index dee719f..9ee8059 100644
--- a/subprojects/spice-common/common/ssl_verify.c
+++ b/subprojects/spice-common/common/ssl_verify.c
@@ -196,21 +196,22 @@ static int verify_hostname(X509* cert, const char *hostname)
return 1;
}
} else if (name->type == GEN_IPADD) {
- GInetAddress * ip = NULL;
- const guint8 * ip_binary = NULL;
- int alt_ip_len = 0;
- int ip_len = 0;
+ GInetAddress * ip;
+ const guint8 * ip_binary;
+ int alt_ip_len;
+ int ip_len;
found_dns_name = 1;
ip = g_inet_address_new_from_string(hostname);
- if (ip != NULL) {
- ip_len = g_inet_address_get_native_size(ip);
- ip_binary = g_inet_address_to_bytes(ip);
- } else {
+ if (ip == NULL) {
spice_warning("Could not parse hostname: %s", hostname);
+ continue;
}
+ ip_len = g_inet_address_get_native_size(ip);
+ ip_binary = g_inet_address_to_bytes(ip);
+
alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
if ((ip_len == alt_ip_len) &&
@@ -229,9 +230,7 @@ static int verify_hostname(X509* cert, const char *hostname)
GENERAL_NAMES_free(subject_alt_names);
return 1;
}
- if (ip != NULL) {
- g_object_unref(ip);
- }
+ g_object_unref(ip);
}
}
GENERAL_NAMES_free(subject_alt_names);
--
2.28.0