[Spice-devel] [PATCH spice-common] ssl-verify: add a bit of run-time checks
Hans de Goede
hdegoede at redhat.com
Mon May 21 10:22:35 PDT 2012
Looks good, ACK.
On 05/21/2012 05:28 PM, Marc-André Lureau wrote:
> ping
>
> On Thu, May 17, 2012 at 2:45 PM, Marc-André Lureau
> <marcandre.lureau at gmail.com> wrote:
>> Even if they are not public functions, those conditions can be reached
>> in a invalid state.
>> ---
>> common/ssl_verify.c | 5 +++++
>> 1 file changed, 5 insertions(+)
>>
>> diff --git a/common/ssl_verify.c b/common/ssl_verify.c
>> index 2f34c00..3667b2e 100644
>> --- a/common/ssl_verify.c
>> +++ b/common/ssl_verify.c
>> @@ -166,6 +166,8 @@ static int verify_hostname(X509* cert, const char *hostname)
>> int cn_match = 0;
>> X509_NAME* subject;
>>
>> + spice_return_val_if_fail(hostname != NULL, 0);
>> +
>> if (!cert) {
>> spice_debug("warning: no cert!");
>> return 0;
>> @@ -270,6 +272,9 @@ static X509_NAME* subject_to_x509_name(const char *subject, int *nentries)
>> VALUE
>> } state;
>>
>> + spice_return_val_if_fail(subject != NULL, NULL);
>> + spice_return_val_if_fail(nentries != NULL, NULL);
>> +
>> key = (char*)alloca(strlen(subject));
>> val = (char*)alloca(strlen(subject));
>> in_subject = X509_NAME_new();
>> --
>> 1.7.10.1
>>
>
>
>
More information about the Spice-devel
mailing list