diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2024-10-08 17:47:06 +0100 |
|---|---|---|
| committer | Kevin Wolf <kwolf@redhat.com> | 2024-10-22 17:52:49 +0200 |
| commit | 19c1e44123d53bfae4aae38e38a4342b789a581c (patch) | |
| tree | 91d472cb439e5647ad98cfb0ada90417686ee500 | |
| parent | 75200708cec2377425e3ca916cc5706ba22c9272 (diff) | |
| download | focaccia-qemu-19c1e44123d53bfae4aae38e38a4342b789a581c.tar.gz focaccia-qemu-19c1e44123d53bfae4aae38e38a4342b789a581c.zip | |
block/ssh.c: Don't double-check that characters are hex digits
In compare_fingerprint() we effectively check whether the characters in the fingerprint are valid hex digits twice: first we do so with qemu_isxdigit(), but then the hex2decimal() function also has a code path where it effectively detects an invalid digit and returns -1. This causes Coverity to complain because it thinks that we might use that -1 value in an expression where it would be an integer overflow. Avoid the double-check of hex digit validity by testing the return values from hex2decimal() rather than doing separate calls to qemu_isxdigit(). Since this means we now use the illegal-character return value from hex2decimal(), rewrite it from "-1" to "UINT_MAX", which has the same effect since the return type is "unsigned" but looks less confusing at the callsites when we detect it with "c0 > 0xf". Resolves: Coverity CID 1547813 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Kevin Wolf <kwolf@redhat.com> Message-ID: <20241008164708.2966400-3-peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| -rw-r--r-- | block/ssh.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/block/ssh.c b/block/ssh.c index 871e1d4753..9f8140bcb6 100644 --- a/block/ssh.c +++ b/block/ssh.c @@ -364,7 +364,7 @@ static unsigned hex2decimal(char ch) return 10 + (ch - 'A'); } - return -1; + return UINT_MAX; } /* Compare the binary fingerprint (hash of host key) with the @@ -376,13 +376,15 @@ static int compare_fingerprint(const unsigned char *fingerprint, size_t len, unsigned c; while (len > 0) { + unsigned c0, c1; while (*host_key_check == ':') host_key_check++; - if (!qemu_isxdigit(host_key_check[0]) || - !qemu_isxdigit(host_key_check[1])) + c0 = hex2decimal(host_key_check[0]); + c1 = hex2decimal(host_key_check[1]); + if (c0 > 0xf || c1 > 0xf) { return 1; - c = hex2decimal(host_key_check[0]) * 16 + - hex2decimal(host_key_check[1]); + } + c = c0 * 16 + c1; if (c - *fingerprint != 0) return c - *fingerprint; fingerprint++; |