Patchwork vnc: Clean up vncws_send_handshake_response()

Submitter Tim Hardeck
Date Jan. 25, 2013, 8:56 a.m.
Message ID <1359104210.6884.5.camel@Thinktank.site>
Permalink /patch/215585/
State New

Comments

Tim Hardeck - Jan. 25, 2013, 8:56 a.m.
Hi Markus,

thanks for your input.

On Wed, 2013-01-23 at 18:16 +0100, Markus Armbruster wrote:
> Use appropriate types, drop superfluous casts, use sizeof, don't
> exploit that this particular call of gnutls_fingerprint() doesn't
> change its last argument.

your patch does work fine but if we expect gnutls_fingerprint to change
the hash_size there has to be an additional check if the hash_size is
bigger than SHA1_DIGEST_LEN.

For example:

     if (accept == NULL) {
Markus Armbruster - Jan. 25, 2013, 9:23 a.m.
Tim Hardeck <thardeck@suse.de> writes:

> Hi Markus,
>
> thanks for your input.
>
> On Wed, 2013-01-23 at 18:16 +0100, Markus Armbruster wrote:
>> Use appropriate types, drop superfluous casts, use sizeof, don't
>> exploit that this particular call of gnutls_fingerprint() doesn't
>> change its last argument.
>
> your patch does work fine but if we expect gnutls_fingerprint to change
> the hash_size there has to be an additional check if the hash_size is
> bigger than SHA1_DIGEST_LEN.
>
> For example:
>
> diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
> index de7e74c..e64c895 100644
> --- a/ui/vnc-ws.c
> +++ b/ui/vnc-ws.c
> @@ -132,7 +132,7 @@ static void vncws_send_handshake_response(VncState
> *vs, const char* key)
>      in.data = (void *)combined_key;
>      in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN;
>      if (gnutls_fingerprint(GNUTLS_DIG_SHA1, &in, hash, &hash_size)
> -            == GNUTLS_E_SUCCESS) {
> +            == GNUTLS_E_SUCCESS && hash_size <= SHA1_DIGEST_LEN) {
>          accept = g_base64_encode(hash, hash_size);
>      }
>      if (accept == NULL) {
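
Review bot: The added test `hash_size <= SHA1_DIGEST_LEN` in the `if` condition also accepts any shorter result, so a truncated digest would still be passed to `g_base64_encode(hash, hash_size)` and end up in the handshake response. A SHA-1 digest has exactly one valid length, so `hash_size == SHA1_DIGEST_LEN` is the tighter check: any unexpected length then skips the encode and reaches the `if (accept == NULL)` check that follows.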

Makes sense.  I'll respin.  Thanks!

Patch

diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
index de7e74c..e64c895 100644
--- a/ui/vnc-ws.c
+++ b/ui/vnc-ws.c
@@ -132,7 +132,7 @@  static void vncws_send_handshake_response(VncState
*vs, const char* key)
     in.data = (void *)combined_key;
     in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN;
     if (gnutls_fingerprint(GNUTLS_DIG_SHA1, &in, hash, &hash_size)
-            == GNUTLS_E_SUCCESS) {
+            == GNUTLS_E_SUCCESS && hash_size <= SHA1_DIGEST_LEN) {
         accept = g_base64_encode(hash, hash_size);
     }
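
Review bot: The `hash_size <= SHA1_DIGEST_LEN` test on the added line runs only after `gnutls_fingerprint()` has already written into `hash`, so it can reject an oversized result but cannot prevent the buffer from being overrun. gnutls_fingerprint() treats its last argument as in/out (buffer size on entry, bytes written on return), so the bound that actually protects `hash` is the value `hash_size` holds before the call. That initialization is outside this hunk; it is worth confirming that it is set from `sizeof(hash)` and that `hash` is at least SHA1_DIGEST_LEN bytes. A one-line comment on the condition stating which case the new test covers would also help the next reader.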