block/ssh.c: Don't double-check that characters are hex digits - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Peter Maydell <peter.maydell@linaro.org>	2024-10-08 17:47:06 +0100
committer	Kevin Wolf <kwolf@redhat.com>	2024-10-22 17:52:49 +0200
commit	19c1e44123d53bfae4aae38e38a4342b789a581c (patch)
tree	91d472cb439e5647ad98cfb0ada90417686ee500 /linux-user/user-internals.h
parent	75200708cec2377425e3ca916cc5706ba22c9272 (diff)
download	focaccia-qemu-19c1e44123d53bfae4aae38e38a4342b789a581c.tar.gz focaccia-qemu-19c1e44123d53bfae4aae38e38a4342b789a581c.zip

block/ssh.c: Don't double-check that characters are hex digits

In compare_fingerprint() we effectively check whether the characters
in the fingerprint are valid hex digits twice: first we do so with
qemu_isxdigit(), but then the hex2decimal() function also has a code
path where it effectively detects an invalid digit and returns -1.
This causes Coverity to complain because it thinks that we might use
that -1 value in an expression where it would be an integer overflow.

Avoid the double-check of hex digit validity by testing the return
values from hex2decimal() rather than doing separate calls to
qemu_isxdigit().

Since this means we now use the illegal-character return value
from hex2decimal(), rewrite it from "-1" to "UINT_MAX", which
has the same effect since the return type is "unsigned" but
looks less confusing at the callsites when we detect it with
"c0 > 0xf".

Resolves: Coverity CID 1547813
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20241008164708.2966400-3-peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Diffstat (limited to 'linux-user/user-internals.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: