From: Kevin Wolf <kwolf@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"John Snow" <jsnow@redhat.com>, "Stefan Weil" <sw@weilnetz.de>,
"Richard W.M. Jones" <rjones@redhat.com>,
"Hanna Reitz" <hreitz@redhat.com>,
qemu-block@nongnu.org
Subject: Re: [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex digits
Date: Wed, 31 Jul 2024 17:21:36 +0200 [thread overview]
Message-ID: <ZqpWgDooox-kHyk2@redhat.com> (raw)
In-Reply-To: <20240731143617.3391947-8-peter.maydell@linaro.org>
Am 31.07.2024 um 16:36 hat Peter Maydell geschrieben:
> In compare_fingerprint() we effectively check whether the characters
> in the fingerprint are valid hex digits twice: first we do so with
> qemu_isxdigit(), but then the hex2decimal() function also has a code
> path where it effectively detects an invalid digit and returns -1.
> This causes Coverity to complain because it thinks that we might use
> that -1 value in an expression where it would be an integer overflow.
If it's a Coverity issue, I think you want to mention the CID, too.
> Avoid the double-check of hex digit validity by testing the return
> values from hex2decimal() rather than doing separate calls to
> qemu_isxdigit().
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
> Could alternatively have put a g_assert_non_reached() in
> hex2decimal(), but this seemed better to me.
I don't like that hex2decimal() returns -1 when its result is unsigned,
which is why you had to write the check as > 0xf rather than < 0. So in
this sense, g_assert_non_reached() would look better to me. But we could
also just change it to return UINT_MAX instead, which should be the
same, just written in a less confusing way.
> block/ssh.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/block/ssh.c b/block/ssh.c
> index 27d582e0e3d..510dd208aba 100644
> --- a/block/ssh.c
> +++ b/block/ssh.c
> @@ -376,13 +376,15 @@ static int compare_fingerprint(const unsigned char *fingerprint, size_t len,
> unsigned c;
>
> while (len > 0) {
> + unsigned c0, c1;
> while (*host_key_check == ':')
> host_key_check++;
> - if (!qemu_isxdigit(host_key_check[0]) ||
> - !qemu_isxdigit(host_key_check[1]))
> + c0 = hex2decimal(host_key_check[0]);
> + c1 = hex2decimal(host_key_check[1]);
> + if (c0 > 0xf || c1 > 0xf) {
> return 1;
> - c = hex2decimal(host_key_check[0]) * 16 +
> - hex2decimal(host_key_check[1]);
> + }
> + c = c0 * 16 + c1;
> if (c - *fingerprint != 0)
> return c - *fingerprint;
> fingerprint++;
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
next prev parent reply other threads:[~2024-07-31 15:22 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-31 14:36 [PATCH 0/7] block: Miscellaneous minor Coverity fixes Peter Maydell
2024-07-31 14:36 ` [PATCH 1/7] block/vdi.c: Avoid potential overflow when calculating size of write Peter Maydell
2024-07-31 14:59 ` Kevin Wolf
2024-07-31 15:05 ` Stefan Weil via
2024-07-31 14:36 ` [PATCH 2/7] block/gluster: Use g_autofree for string in qemu_gluster_parse_json() Peter Maydell
2024-07-31 15:04 ` Kevin Wolf
2024-07-31 20:54 ` Philippe Mathieu-Daudé
2024-07-31 14:36 ` [PATCH 3/7] hw/block/pflash_cfi01: Don't decrement pfl->counter below 0 Peter Maydell
2024-07-31 15:07 ` Kevin Wolf
2024-08-05 18:20 ` Philippe Mathieu-Daudé
2024-07-31 14:36 ` [PATCH 4/7] hw/ide/atapi: Be explicit that assigning to s->lcyl truncates Peter Maydell
2024-07-31 14:46 ` Markus Armbruster
2024-07-31 14:49 ` Peter Maydell
2024-07-31 14:57 ` Kevin Wolf
2024-07-31 14:36 ` [PATCH 5/7] hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something Peter Maydell
2024-07-31 14:50 ` Markus Armbruster
2024-07-31 14:54 ` Kevin Wolf
2024-07-31 20:56 ` Philippe Mathieu-Daudé
2024-07-31 14:36 ` [PATCH 6/7] hw/ide/pci.c: Remove dead code from bmdma_prepare_buf() Peter Maydell
2024-07-31 15:13 ` Kevin Wolf
2024-07-31 21:02 ` Philippe Mathieu-Daudé
2024-07-31 14:36 ` [PATCH 7/7] block/ssh.c: Don't double-check that characters are hex digits Peter Maydell
2024-07-31 15:21 ` Kevin Wolf [this message]
2024-07-31 15:26 ` Peter Maydell
2024-08-05 18:21 ` [PATCH 0/7] block: Miscellaneous minor Coverity fixes Philippe Mathieu-Daudé
2024-08-06 8:11 ` Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZqpWgDooox-kHyk2@redhat.com \
--to=kwolf@redhat.com \
--cc=hreitz@redhat.com \
--cc=jsnow@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=rjones@redhat.com \
--cc=sw@weilnetz.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.