[Spice-devel] [PATCH v2] Check RSA_generate_key_ex return value
Uri Lublin
uril at redhat.com
Sun Mar 16 03:06:26 PDT 2014
On 03/12/2014 03:22 PM, Christophe Fergeau wrote:
> This commit will cause the client connection to fail but qemu won't
> segfault.
> ---
> Changes since v1:
> - don't leak BIO when RSA_generate_key_ex fails
>
> diff --git a/server/reds.c b/server/reds.c
> index c38fa40..6706754 100644
> --- a/server/reds.c
> +++ b/server/reds.c
> @@ -1368,8 +1368,15 @@ static int reds_send_link_ack(RedLinkInfo *link)
> return FALSE;
> }
>
> - RSA_generate_key_ex(link->tiTicketing.rsa, SPICE_TICKET_KEY_PAIR_LENGTH, link->tiTicketing.bn,
> - NULL);
> + if (RSA_generate_key_ex(link->tiTicketing.rsa,
> + SPICE_TICKET_KEY_PAIR_LENGTH,
> + link->tiTicketing.bn,
> + NULL) != 1) {
> + spice_warning("Failed to generate %d bits RSA key: %s",
> + SPICE_TICKET_KEY_PAIR_LENGTH,
> + ERR_error_string(ERR_get_error(), NULL));
> + goto end;
> + }
> link->tiTicketing.rsa_size = RSA_size(link->tiTicketing.rsa);
>
> i2d_RSA_PUBKEY_bio(bio, link->tiTicketing.rsa);
Ack.
More information about the Spice-devel
mailing list