Re: [Qemu-devel] [PATCH] vnc: Clean up vncws_send_handshake_response()
Hi Markus, thanks for your input. On Wed, 2013-01-23 at 18:16 +0100, Markus Armbruster wrote: Use appropriate types, drop superfluous casts, use sizeof, don't exploit that this particular call of gnutls_fingerprint() doesn't change its last argument. your patch does work fine but if we expect gnutls_fingerprint to change the hash_size there has to be an additional check if the hash_size is bigger than SHA1_DIGEST_LEN. For example: diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c index de7e74c..e64c895 100644 --- a/ui/vnc-ws.c +++ b/ui/vnc-ws.c @@ -132,7 +132,7 @@ static void vncws_send_handshake_response(VncState *vs, const char* key) in.data = (void *)combined_key; in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN; if (gnutls_fingerprint(GNUTLS_DIG_SHA1, in, hash, hash_size) -== GNUTLS_E_SUCCESS) { +== GNUTLS_E_SUCCESS hash_size = SHA1_DIGEST_LEN) { accept = g_base64_encode(hash, hash_size); } if (accept == NULL) { -- SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany T: +49 (0) 911 74053-0 F: +49 (0) 911 74053-483 http://www.suse.de/ signature.asc Description: This is a digitally signed message part
Re: [Qemu-devel] [PATCH] vnc: Clean up vncws_send_handshake_response()
Tim Hardeck thard...@suse.de writes: Hi Markus, thanks for your input. On Wed, 2013-01-23 at 18:16 +0100, Markus Armbruster wrote: Use appropriate types, drop superfluous casts, use sizeof, don't exploit that this particular call of gnutls_fingerprint() doesn't change its last argument. your patch does work fine but if we expect gnutls_fingerprint to change the hash_size there has to be an additional check if the hash_size is bigger than SHA1_DIGEST_LEN. For example: diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c index de7e74c..e64c895 100644 --- a/ui/vnc-ws.c +++ b/ui/vnc-ws.c @@ -132,7 +132,7 @@ static void vncws_send_handshake_response(VncState *vs, const char* key) in.data = (void *)combined_key; in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN; if (gnutls_fingerprint(GNUTLS_DIG_SHA1, in, hash, hash_size) -== GNUTLS_E_SUCCESS) { +== GNUTLS_E_SUCCESS hash_size = SHA1_DIGEST_LEN) { accept = g_base64_encode(hash, hash_size); } if (accept == NULL) { Makes sense. I'll respin. Thanks!
Re: [Qemu-devel] [PATCH] vnc: Clean up vncws_send_handshake_response()
Hi Markus, On 01/23/2013 06:16 PM, Markus Armbruster wrote: Use appropriate types, drop superfluous casts, use sizeof, don't exploit that this particular call of gnutls_fingerprint() doesn't change its last argument. Signed-off-by: Markus Armbruster arm...@redhat.com Reviewed-by: Tim Hardeck thard...@suse.de Regards Tim --- ui/vnc-ws.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c index 9ccdc19..de7e74c 100644 --- a/ui/vnc-ws.c +++ b/ui/vnc-ws.c @@ -120,8 +120,8 @@ static char *vncws_extract_handshake_entry(const char *handshake, static void vncws_send_handshake_response(VncState *vs, const char* key) { char combined_key[WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1]; -char hash[SHA1_DIGEST_LEN]; -size_t hash_size = SHA1_DIGEST_LEN; +unsigned char hash[SHA1_DIGEST_LEN]; +size_t hash_size = sizeof(hash); char *accept = NULL, *response = NULL; gnutls_datum_t in; @@ -133,7 +133,7 @@ static void vncws_send_handshake_response(VncState *vs, const char* key) in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN; if (gnutls_fingerprint(GNUTLS_DIG_SHA1, in, hash, hash_size) == GNUTLS_E_SUCCESS) { -accept = g_base64_encode((guchar *)hash, SHA1_DIGEST_LEN); +accept = g_base64_encode(hash, hash_size); } if (accept == NULL) { VNC_DEBUG(Hashing Websocket combined key failed\n); -- SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany T: +49 (0) 911 74053-0 F: +49 (0) 911 74053-483 http://www.suse.de/ signature.asc Description: OpenPGP digital signature
[Qemu-devel] [PATCH] vnc: Clean up vncws_send_handshake_response()
Use appropriate types, drop superfluous casts, use sizeof, don't exploit that this particular call of gnutls_fingerprint() doesn't change its last argument. Signed-off-by: Markus Armbruster arm...@redhat.com --- ui/vnc-ws.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c index 9ccdc19..de7e74c 100644 --- a/ui/vnc-ws.c +++ b/ui/vnc-ws.c @@ -120,8 +120,8 @@ static char *vncws_extract_handshake_entry(const char *handshake, static void vncws_send_handshake_response(VncState *vs, const char* key) { char combined_key[WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1]; -char hash[SHA1_DIGEST_LEN]; -size_t hash_size = SHA1_DIGEST_LEN; +unsigned char hash[SHA1_DIGEST_LEN]; +size_t hash_size = sizeof(hash); char *accept = NULL, *response = NULL; gnutls_datum_t in; @@ -133,7 +133,7 @@ static void vncws_send_handshake_response(VncState *vs, const char* key) in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN; if (gnutls_fingerprint(GNUTLS_DIG_SHA1, in, hash, hash_size) == GNUTLS_E_SUCCESS) { -accept = g_base64_encode((guchar *)hash, SHA1_DIGEST_LEN); +accept = g_base64_encode(hash, hash_size); } if (accept == NULL) { VNC_DEBUG(Hashing Websocket combined key failed\n); -- 1.7.11.7