[Spice-devel] [PATCH spice-server 08/11] red-stream: Simplify mechname matching
Frediano Ziglio
fziglio at redhat.com
Mon Dec 11 10:28:05 UTC 2017
Avoid over complicated matching using quoting and a simple
strstr operation.
Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
server/red-stream.c | 30 +++++++++---------------------
1 file changed, 9 insertions(+), 21 deletions(-)
diff --git a/server/red-stream.c b/server/red-stream.c
index 55e2c3e0..9e91a3da 100644
--- a/server/red-stream.c
+++ b/server/red-stream.c
@@ -744,6 +744,7 @@ static int auth_sasl_check_ssf(RedSASL *sasl, int *runSSF)
* u8-array serverout-strin
* u8 continue
*/
+#define SASL_MAX_MECHNAME_LEN 100
#define SASL_DATA_MAX_LEN (1024 * 1024)
RedSaslError red_sasl_handle_auth_step(RedStream *stream, AsyncReadDone read_cb, void *opaque)
@@ -981,24 +982,11 @@ bool red_sasl_handle_auth_mechname(RedStream *stream, AsyncReadDone read_cb, voi
spice_debug("Got client mechname '%s' check against '%s'",
sasl->mechname, sasl->mechlist);
- if (strncmp(sasl->mechlist, sasl->mechname, sasl->len) == 0) {
- if (sasl->mechlist[sasl->len] != '\0' &&
- sasl->mechlist[sasl->len] != ',') {
- spice_debug("One %d", sasl->mechlist[sasl->len]);
- return false;
- }
- } else {
- char *offset = strstr(sasl->mechlist, sasl->mechname);
- spice_debug("Two %p", offset);
- if (!offset) {
- return false;
- }
- spice_debug("Two '%s'", offset);
- if (offset[-1] != ',' ||
- (offset[sasl->len] != '\0'&&
- offset[sasl->len] != ',')) {
- return false;
- }
+ char quoted_mechname[SASL_MAX_MECHNAME_LEN + 4];
+ sprintf(quoted_mechname, ",%s,", sasl->mechname);
+
+ if (!strstr(sasl->mechlist, quoted_mechname)) {
+ return false;
}
spice_debug("Validated mechname '%s'", sasl->mechname);
@@ -1013,7 +1001,7 @@ bool red_sasl_handle_auth_mechlen(RedStream *stream, AsyncReadDone read_cb, void
{
RedSASL *sasl = &stream->priv->sasl;
- if (sasl->len < 1 || sasl->len > 100) {
+ if (sasl->len < 1 || sasl->len > SASL_MAX_MECHNAME_LEN) {
spice_warning("Got bad client mechname len %d", sasl->len);
return false;
}
@@ -1106,9 +1094,9 @@ bool red_sasl_start_auth(RedStream *stream, AsyncReadDone read_cb, void *opaque)
err = sasl_listmech(sasl->conn,
NULL, /* Don't need to set user */
- "", /* Prefix */
+ ",", /* Prefix */
",", /* Separator */
- "", /* Suffix */
+ ",", /* Suffix */
&mechlist,
NULL,
NULL);
--
2.14.3
More information about the Spice-devel
mailing list