[Spice-commits] 7 commits - server/reds.c
Christophe Fergau
teuf at kemper.freedesktop.org
Thu Sep 20 07:42:38 PDT 2012
server/reds.c | 35 ++++++++++++++++++++++++++++-------
1 file changed, 28 insertions(+), 7 deletions(-)
New commits:
commit 4114b162ed3c6574174533d5b875d44ade092497
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Tue Sep 11 18:25:10 2012 +0200
reds: Report an error when reds_char_device_add_state fails
This used to abort with spice_error. The caller currently does
not check spice_server_char_device_add_interface return value, but
it's still cleaner to report an error in this case.
diff --git a/server/reds.c b/server/reds.c
index 147674e..9fc0057 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3776,6 +3776,7 @@ static int spice_server_char_device_add_interface(SpiceServer *s,
reds_char_device_add_state(char_device->st);
} else {
spice_warning("failed to create device state for %s", char_device->subtype);
+ return -1;
}
return 0;
}
commit bcec6627a2229cb6ee4cf3c3fbc4d5761e61a259
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Tue Sep 11 18:24:37 2012 +0200
reds: Check errors returned from SSL_CTX_set_cipher_list
diff --git a/server/reds.c b/server/reds.c
index b1fd437..147674e 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3349,7 +3349,9 @@ static int reds_init_ssl(void)
SSL_CTX_set_session_id_context(reds->ctx, (const unsigned char *)"SPICE", 5);
if (strlen(ssl_parameters.ciphersuite) > 0) {
- SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite);
+ if (!SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite)) {
+ return -1;
+ }
}
openssl_thread_setup();
commit 3494eaf938695fc75ed6718699d59a34fab0e17a
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Tue Sep 11 18:24:13 2012 +0200
reds: Report errors from load_dh_params
diff --git a/server/reds.c b/server/reds.c
index 1ff25f8..b1fd437 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3208,25 +3208,30 @@ static int reds_init_net(void)
return 0;
}
-static void load_dh_params(SSL_CTX *ctx, char *file)
+static int load_dh_params(SSL_CTX *ctx, char *file)
{
DH *ret = 0;
BIO *bio;
if ((bio = BIO_new_file(file, "r")) == NULL) {
spice_warning("Could not open DH file");
+ return -1;
}
ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ BIO_free(bio);
if (ret == 0) {
spice_warning("Could not read DH params");
+ return -1;
}
- BIO_free(bio);
if (SSL_CTX_set_tmp_dh(ctx, ret) < 0) {
spice_warning("Could not set DH params");
+ return -1;
}
+
+ return 0;
}
/*The password code is not thread safe*/
@@ -3337,7 +3342,9 @@ static int reds_init_ssl(void)
#endif
if (strlen(ssl_parameters.dh_key_file) > 0) {
- load_dh_params(reds->ctx, ssl_parameters.dh_key_file);
+ if (load_dh_params(reds->ctx, ssl_parameters.dh_key_file) < 0) {
+ return -1;
+ }
}
SSL_CTX_set_session_id_context(reds->ctx, (const unsigned char *)"SPICE", 5);
commit 1e5bf67c2bc417d16308fc3d51f028c25b8544f6
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Wed Sep 12 16:10:34 2012 +0200
reds: Check reds_init_ssl errors
Now that this function can fail, propagate any error up to the
caller. This allows qemu to fail when an SSL initialization error
occurred.
diff --git a/server/reds.c b/server/reds.c
index 025c50c..1ff25f8 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -4021,7 +4021,9 @@ static int do_spice_init(SpiceCoreInterface *core_interface)
goto err;
}
if (reds->secure_listen_socket != -1) {
- reds_init_ssl();
+ if (reds_init_ssl() < 0) {
+ goto err;
+ }
}
#if HAVE_SASL
int saslerr;
commit 1c7fcefe1ebe0d8dfffc5a0b5d5d9388c167994c
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Tue Sep 11 18:12:05 2012 +0200
reds: report SSL initialization errors
Errors occurring in reds_init_ssl used to be fatal through the use
of spice_error, but this was downgraded to non-fatal spice_warning
calls recently. This means we no longer error out when invalid SSL
(certificates, ...) parameters are passed by the user.
This commit changes reds_init_ssl return value from void to int so
that errors can be reported to the caller.
diff --git a/server/reds.c b/server/reds.c
index 7108c1b..025c50c 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3275,7 +3275,7 @@ static void openssl_thread_setup(void)
CRYPTO_set_locking_callback(pthreads_locking_callback);
}
-static void reds_init_ssl(void)
+static int reds_init_ssl(void)
{
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
const SSL_METHOD *ssl_method;
@@ -3294,6 +3294,7 @@ static void reds_init_ssl(void)
reds->ctx = SSL_CTX_new(ssl_method);
if (!reds->ctx) {
spice_warning("Could not allocate new SSL context");
+ return -1;
}
/* Limit connection to TLSv1 only */
@@ -3308,6 +3309,7 @@ static void reds_init_ssl(void)
spice_info("Loaded certificates from %s", ssl_parameters.certs_file);
} else {
spice_warning("Could not load certificates from %s", ssl_parameters.certs_file);
+ return -1;
}
SSL_CTX_set_default_passwd_cb(reds->ctx, ssl_password_cb);
@@ -3318,6 +3320,7 @@ static void reds_init_ssl(void)
spice_info("Using private key from %s", ssl_parameters.private_key_file);
} else {
spice_warning("Could not use private key file");
+ return -1;
}
/* Load the CAs we trust*/
@@ -3326,6 +3329,7 @@ static void reds_init_ssl(void)
spice_info("Loaded CA certificates from %s", ssl_parameters.ca_certificate_file);
} else {
spice_warning("Could not use CA file %s", ssl_parameters.ca_certificate_file);
+ return -1;
}
#if (OPENSSL_VERSION_NUMBER < 0x00905100L)
@@ -3347,6 +3351,8 @@ static void reds_init_ssl(void)
STACK *cmp_stack = SSL_COMP_get_compression_methods();
sk_zero(cmp_stack);
#endif
+
+ return 0;
}
static void reds_exit(void)
commit 5177c5fd09dc7bc9e237b8d0738d9bb4218706e0
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Tue Sep 11 18:07:06 2012 +0200
reds_init_net: report errors on watch setup failures
We used to be aborting in such situations, but this was changed
during the big spice_error/printerr cleanup. We are currently
outputting a warning but not reporting the error with the caller
when reds_init_net fails to register listening watches with the
mainloop. As it's unlikely that things will work as expected in
such cases, better to error out of the function instead of pretending
everything is all right.
diff --git a/server/reds.c b/server/reds.c
index 4dd713e..7108c1b 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -3176,6 +3176,7 @@ static int reds_init_net(void)
reds_accept, NULL);
if (reds->listen_watch == NULL) {
spice_warning("set fd handle failed");
+ return -1;
}
}
@@ -3190,6 +3191,7 @@ static int reds_init_net(void)
reds_accept_ssl_connection, NULL);
if (reds->secure_listen_watch == NULL) {
spice_warning("set fd handle failed");
+ return -1;
}
}
@@ -3200,6 +3202,7 @@ static int reds_init_net(void)
reds_accept, NULL);
if (reds->listen_watch == NULL) {
spice_warning("set fd handle failed");
+ return -1;
}
}
return 0;
commit eb19ac081f66d72f88868bb977c2b7e4a2b0259b
Author: Christophe Fergeau <cfergeau at redhat.com>
Date: Tue Sep 11 18:03:24 2012 +0200
reds: Abort on BN-new failures
BN_new returns NULL on allocation failures. Given that we abort
on malloc allocation failures, we should also abort here. The
current code will segfault when BN_new fails as it immediatly tries
to use the NULL pointer.
diff --git a/server/reds.c b/server/reds.c
index 5537c15..4dd713e 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -1859,7 +1859,7 @@ static void openssl_init(RedLinkInfo *link)
link->tiTicketing.bn = BN_new();
if (!link->tiTicketing.bn) {
- spice_warning("OpenSSL BIGNUMS alloc failed");
+ spice_error("OpenSSL BIGNUMS alloc failed");
}
BN_set_word(link->tiTicketing.bn, f4);
More information about the Spice-commits
mailing list