diff options
| author | Frediano Ziglio <freddy77@gmail.com> | 2020-08-27 17:57:36 +0100 |
|---|---|---|
| committer | Frediano Ziglio <freddy77@gmail.com> | 2020-08-27 18:50:01 +0100 |
| commit | c39cc1b1ef5165523f3394f06a65cc9a6c65b7ae (patch) | |
| tree | 8de10edee0ec3e4fd2e22bbada33253883c95d99 | |
| parent | 7daee890be76eae8f426f5498953925f34b6be4b (diff) | |
ssl_verify: Do not check IP if we fail to resolve it
There's no point on checking an empty IP address, an IP
address is never empty.
This also solve some compiler warnings trying to possibly
pass a NULL pointer to memcmp or setting a variable without
reading it.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
| -rw-r--r-- | common/ssl_verify.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/common/ssl_verify.c b/common/ssl_verify.c index dee719f..9ee8059 100644 --- a/common/ssl_verify.c +++ b/common/ssl_verify.c @@ -196,21 +196,22 @@ static int verify_hostname(X509* cert, const char *hostname) return 1; } } else if (name->type == GEN_IPADD) { - GInetAddress * ip = NULL; - const guint8 * ip_binary = NULL; - int alt_ip_len = 0; - int ip_len = 0; + GInetAddress * ip; + const guint8 * ip_binary; + int alt_ip_len; + int ip_len; found_dns_name = 1; ip = g_inet_address_new_from_string(hostname); - if (ip != NULL) { - ip_len = g_inet_address_get_native_size(ip); - ip_binary = g_inet_address_to_bytes(ip); - } else { + if (ip == NULL) { spice_warning("Could not parse hostname: %s", hostname); + continue; } + ip_len = g_inet_address_get_native_size(ip); + ip_binary = g_inet_address_to_bytes(ip); + alt_ip_len = ASN1_STRING_length(name->d.iPAddress); if ((ip_len == alt_ip_len) && @@ -229,9 +230,7 @@ static int verify_hostname(X509* cert, const char *hostname) GENERAL_NAMES_free(subject_alt_names); return 1; } - if (ip != NULL) { - g_object_unref(ip); - } + g_object_unref(ip); } } GENERAL_NAMES_free(subject_alt_names); |