You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
67 lines
2.4 KiB
67 lines
2.4 KiB
From c39cc1b1ef5165523f3394f06a65cc9a6c65b7ae Mon Sep 17 00:00:00 2001
|
|
From: Frediano Ziglio <freddy77@gmail.com>
|
|
Date: Thu, 27 Aug 2020 17:57:36 +0100
|
|
Subject: [PATCH] ssl_verify: Do not check IP if we fail to resolve it
|
|
|
|
There's no point on checking an empty IP address, an IP
|
|
address is never empty.
|
|
This also solve some compiler warnings trying to possibly
|
|
pass a NULL pointer to memcmp or setting a variable without
|
|
reading it.
|
|
|
|
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
|
|
Acked-by: Uri Lublin <uril@redhat.com>
|
|
---
|
|
common/ssl_verify.c | 21 ++++++++++-----------
|
|
1 file changed, 10 insertions(+), 11 deletions(-)
|
|
|
|
diff --git a/subprojects/spice-common/common/ssl_verify.c b/subprojects/spice-common/common/ssl_verify.c
|
|
index dee719f..9ee8059 100644
|
|
--- a/subprojects/spice-common/common/ssl_verify.c
|
|
+++ b/subprojects/spice-common/common/ssl_verify.c
|
|
@@ -196,21 +196,22 @@ static int verify_hostname(X509* cert, const char *hostname)
|
|
return 1;
|
|
}
|
|
} else if (name->type == GEN_IPADD) {
|
|
- GInetAddress * ip = NULL;
|
|
- const guint8 * ip_binary = NULL;
|
|
- int alt_ip_len = 0;
|
|
- int ip_len = 0;
|
|
+ GInetAddress * ip;
|
|
+ const guint8 * ip_binary;
|
|
+ int alt_ip_len;
|
|
+ int ip_len;
|
|
|
|
found_dns_name = 1;
|
|
|
|
ip = g_inet_address_new_from_string(hostname);
|
|
- if (ip != NULL) {
|
|
- ip_len = g_inet_address_get_native_size(ip);
|
|
- ip_binary = g_inet_address_to_bytes(ip);
|
|
- } else {
|
|
+ if (ip == NULL) {
|
|
spice_warning("Could not parse hostname: %s", hostname);
|
|
+ continue;
|
|
}
|
|
|
|
+ ip_len = g_inet_address_get_native_size(ip);
|
|
+ ip_binary = g_inet_address_to_bytes(ip);
|
|
+
|
|
alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
|
|
|
|
if ((ip_len == alt_ip_len) &&
|
|
@@ -229,9 +230,7 @@ static int verify_hostname(X509* cert, const char *hostname)
|
|
GENERAL_NAMES_free(subject_alt_names);
|
|
return 1;
|
|
}
|
|
- if (ip != NULL) {
|
|
- g_object_unref(ip);
|
|
- }
|
|
+ g_object_unref(ip);
|
|
}
|
|
}
|
|
GENERAL_NAMES_free(subject_alt_names);
|
|
--
|
|
2.28.0
|
|
|