[Spice-devel] [PATCH spice-common] ssl-verify: add a bit of run-time checks
Marc-André Lureau
marcandre.lureau at gmail.com
Mon May 21 08:28:50 PDT 2012
ping
On Thu, May 17, 2012 at 2:45 PM, Marc-André Lureau
<marcandre.lureau at gmail.com> wrote:
> Even if they are not public functions, those conditions can be reached
> in a invalid state.
> ---
> common/ssl_verify.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/common/ssl_verify.c b/common/ssl_verify.c
> index 2f34c00..3667b2e 100644
> --- a/common/ssl_verify.c
> +++ b/common/ssl_verify.c
> @@ -166,6 +166,8 @@ static int verify_hostname(X509* cert, const char *hostname)
> int cn_match = 0;
> X509_NAME* subject;
>
> + spice_return_val_if_fail(hostname != NULL, 0);
> +
> if (!cert) {
> spice_debug("warning: no cert!");
> return 0;
> @@ -270,6 +272,9 @@ static X509_NAME* subject_to_x509_name(const char *subject, int *nentries)
> VALUE
> } state;
>
> + spice_return_val_if_fail(subject != NULL, NULL);
> + spice_return_val_if_fail(nentries != NULL, NULL);
> +
> key = (char*)alloca(strlen(subject));
> val = (char*)alloca(strlen(subject));
> in_subject = X509_NAME_new();
> --
> 1.7.10.1
>
--
Marc-André Lureau
More information about the Spice-devel
mailing list