[Spice-commits] common/ssl_verify.c
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Thu Aug 27 17:50:46 UTC 2020
common/ssl_verify.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
New commits:
commit c39cc1b1ef5165523f3394f06a65cc9a6c65b7ae
Author: Frediano Ziglio <freddy77 at gmail.com>
Date: Thu Aug 27 17:57:36 2020 +0100
ssl_verify: Do not check IP if we fail to resolve it
There's no point on checking an empty IP address, an IP
address is never empty.
This also solve some compiler warnings trying to possibly
pass a NULL pointer to memcmp or setting a variable without
reading it.
Signed-off-by: Frediano Ziglio <freddy77 at gmail.com>
Acked-by: Uri Lublin <uril at redhat.com>
diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index dee719f..9ee8059 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -196,21 +196,22 @@ static int verify_hostname(X509* cert, const char *hostname)
return 1;
}
} else if (name->type == GEN_IPADD) {
- GInetAddress * ip = NULL;
- const guint8 * ip_binary = NULL;
- int alt_ip_len = 0;
- int ip_len = 0;
+ GInetAddress * ip;
+ const guint8 * ip_binary;
+ int alt_ip_len;
+ int ip_len;
found_dns_name = 1;
ip = g_inet_address_new_from_string(hostname);
- if (ip != NULL) {
- ip_len = g_inet_address_get_native_size(ip);
- ip_binary = g_inet_address_to_bytes(ip);
- } else {
+ if (ip == NULL) {
spice_warning("Could not parse hostname: %s", hostname);
+ continue;
}
+ ip_len = g_inet_address_get_native_size(ip);
+ ip_binary = g_inet_address_to_bytes(ip);
+
alt_ip_len = ASN1_STRING_length(name->d.iPAddress);
if ((ip_len == alt_ip_len) &&
@@ -229,9 +230,7 @@ static int verify_hostname(X509* cert, const char *hostname)
GENERAL_NAMES_free(subject_alt_names);
return 1;
}
- if (ip != NULL) {
- g_object_unref(ip);
- }
+ g_object_unref(ip);
}
}
GENERAL_NAMES_free(subject_alt_names);
More information about the Spice-commits
mailing list