[Spice-devel] [spice-common 2/2] ssl-verify: Don't leak GInetAddress
Fabiano FidĂȘncio
fidencio at redhat.com
Fri Oct 23 03:57:04 PDT 2015
On Fri, Oct 23, 2015 at 11:45 AM, Christophe Fergeau
<cfergeau at redhat.com> wrote:
> GInetAddress is a GObject, so we must unref anything we create with
> g_inet_address_new_*
Would be nice to update the GInetAddress documentation then.
> ---
> common/ssl_verify.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/common/ssl_verify.c b/common/ssl_verify.c
> index 817cf7b..601252e 100644
> --- a/common/ssl_verify.c
> +++ b/common/ssl_verify.c
> @@ -190,9 +190,7 @@ static int verify_hostname(X509* cert, const char *hostname)
> return 1;
> }
> } else if (name->type == GEN_IPADD) {
> - GInetAddress * alt_ip = NULL;
> GInetAddress * ip = NULL;
> - gchar * alt_ip_string = NULL;
> const guint8 * ip_binary = NULL;
> int alt_ip_len = 0;
> int ip_len = 0;
> @@ -211,15 +209,23 @@ static int verify_hostname(X509* cert, const char *hostname)
>
> if ((ip_len == alt_ip_len) &&
> (memcmp(ASN1_STRING_data(name->d.iPAddress), ip_binary, ip_len)) == 0) {
> + GInetAddress * alt_ip = NULL;
> + gchar * alt_ip_string = NULL;
> +
> alt_ip = g_inet_address_new_from_bytes(ASN1_STRING_data(name->d.iPAddress),
> g_inet_address_get_family(ip));
> alt_ip_string = g_inet_address_to_string(alt_ip);
> spice_debug("alt name IP match=%s", alt_ip_string);
>
> g_free(alt_ip_string);
> + g_object_unref(alt_ip);
> + g_object_unref(ip);
> GENERAL_NAMES_free(subject_alt_names);
> return 1;
> }
> + if (ip != NULL) {
> + g_object_unref(ip);
> + }
> }
> }
> GENERAL_NAMES_free(subject_alt_names);
> --
> 2.5.0
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
More information about the Spice-devel
mailing list