vnc: Clean up vncws_send_handshake_response()

Submitter	Tim Hardeck
Date	Jan. 25, 2013, 8:56 a.m.
Message ID	<1359104210.6884.5.camel@Thinktank.site>
Download	mbox \| patch
Permalink	/patch/215585/
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> Message-ID: <1359104210.6884.5.camel@Thinktank.site> From: Tim Hardeck <thardeck@suse.de> To: Markus Armbruster <armbru@redhat.com> Date: Fri, 25 Jan 2013 09:56:50 +0100 In-Reply-To: <1358961360-15623-1-git-send-email-armbru@redhat.com> References: <1358961360-15623-1-git-send-email-armbru@redhat.com> Organization: SUSE LINUX Products GmbH Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-pBoVSdmiNyj5iXsu+GCT" Mime-Version: 1.0 Cc: qemu-trivial@nongnu.org, qemu-devel@nongnu.org Subject: Re: [Qemu-devel] [PATCH] vnc: Clean up vncws_send_handshake_response() Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Comments

Tim Hardeck - Jan. 25, 2013, 8:56 a.m.

Hi Markus,

thanks for your input.

On Wed, 2013-01-23 at 18:16 +0100, Markus Armbruster wrote:
> Use appropriate types, drop superfluous casts, use sizeof, don't
> exploit that this particular call of gnutls_fingerprint() doesn't
> change its last argument.

your patch does work fine but if we expect gnutls_fingerprint to change
the hash_size there has to be an additional check if the hash_size is
bigger than SHA1_DIGEST_LEN.

For example:

     if (accept == NULL) {

Markus Armbruster - Jan. 25, 2013, 9:23 a.m.

Tim Hardeck <thardeck@suse.de> writes:

> Hi Markus,
>
> thanks for your input.
>
> On Wed, 2013-01-23 at 18:16 +0100, Markus Armbruster wrote:
>> Use appropriate types, drop superfluous casts, use sizeof, don't
>> exploit that this particular call of gnutls_fingerprint() doesn't
>> change its last argument.
>
> your patch does work fine but if we expect gnutls_fingerprint to change
> the hash_size there has to be an additional check if the hash_size is
> bigger than SHA1_DIGEST_LEN.
>
> For example:
>
> diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
> index de7e74c..e64c895 100644
> --- a/ui/vnc-ws.c
> +++ b/ui/vnc-ws.c
> @@ -132,7 +132,7 @@ static void vncws_send_handshake_response(VncState
> *vs, const char* key)
>      in.data = (void *)combined_key;
>      in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN;
>      if (gnutls_fingerprint(GNUTLS_DIG_SHA1, &in, hash, &hash_size)
> -            == GNUTLS_E_SUCCESS) {
> +            == GNUTLS_E_SUCCESS && hash_size <= SHA1_DIGEST_LEN) {
>          accept = g_base64_encode(hash, hash_size);
>      }
>      if (accept == NULL) {

Makes sense.  I'll respin.  Thanks!

Patch

diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
index de7e74c..e64c895 100644
--- a/ui/vnc-ws.c
+++ b/ui/vnc-ws.c
@@ -132,7 +132,7 @@  static void vncws_send_handshake_response(VncState
*vs, const char* key)
     in.data = (void *)combined_key;
     in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN;
     if (gnutls_fingerprint(GNUTLS_DIG_SHA1, &in, hash, &hash_size)
-            == GNUTLS_E_SUCCESS) {
+            == GNUTLS_E_SUCCESS && hash_size <= SHA1_DIGEST_LEN) {
         accept = g_base64_encode(hash, hash_size);
     }

Patchwork vnc: Clean up vncws_send_handshake_response()

Comments

Patch