[PULL 2/9] block/ssh.c: Don't double-check that characters are hex digits

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [PULL 2/9] block/ssh.c: Don't double-check that characters are hex digits
Date: Tue, 22 Oct 2024 18:48:56 +0200	[thread overview]
Message-ID: <20241022164903.282174-3-kwolf@redhat.com> (raw)
In-Reply-To: <20241022164903.282174-1-kwolf@redhat.com>

From: Peter Maydell <peter.maydell@linaro.org>

In compare_fingerprint() we effectively check whether the characters
in the fingerprint are valid hex digits twice: first we do so with
qemu_isxdigit(), but then the hex2decimal() function also has a code
path where it effectively detects an invalid digit and returns -1.
This causes Coverity to complain because it thinks that we might use
that -1 value in an expression where it would be an integer overflow.

Avoid the double-check of hex digit validity by testing the return
values from hex2decimal() rather than doing separate calls to
qemu_isxdigit().

Since this means we now use the illegal-character return value
from hex2decimal(), rewrite it from "-1" to "UINT_MAX", which
has the same effect since the return type is "unsigned" but
looks less confusing at the callsites when we detect it with
"c0 > 0xf".

Resolves: Coverity CID 1547813
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20241008164708.2966400-3-peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/ssh.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/block/ssh.c b/block/ssh.c
index 871e1d4753..9f8140bcb6 100644
--- a/block/ssh.c
+++ b/block/ssh.c
@@ -364,7 +364,7 @@ static unsigned hex2decimal(char ch)
         return 10 + (ch - 'A');
     }

-    return -1;
+    return UINT_MAX;
 }

 /* Compare the binary fingerprint (hash of host key) with the
@@ -376,13 +376,15 @@ static int compare_fingerprint(const unsigned char *fingerprint, size_t len,
     unsigned c;

     while (len > 0) {
+        unsigned c0, c1;
         while (*host_key_check == ':')
             host_key_check++;
-        if (!qemu_isxdigit(host_key_check[0]) ||
-            !qemu_isxdigit(host_key_check[1]))
+        c0 = hex2decimal(host_key_check[0]);
+        c1 = hex2decimal(host_key_check[1]);
+        if (c0 > 0xf || c1 > 0xf) {
             return 1;
-        c = hex2decimal(host_key_check[0]) * 16 +
-            hex2decimal(host_key_check[1]);
+        }
+        c = c0 * 16 + c1;
         if (c - *fingerprint != 0)
             return c - *fingerprint;
         fingerprint++;
-- 
2.47.0

next prev parent reply	other threads:[~2024-10-22 16:50 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-22 16:48 [PULL 0/9] Block layer patches Kevin Wolf
2024-10-22 16:48 ` [PULL 1/9] block/gluster: Use g_autofree for string in qemu_gluster_parse_json() Kevin Wolf
2024-10-22 16:48 ` Kevin Wolf [this message]
2024-10-22 16:48 ` [PULL 3/9] tests/qemu-iotests/211.out: Update to expect MapEntry 'compressed' field Kevin Wolf
2024-10-22 16:48 ` [PULL 4/9] block/vdi.c: Make SECTOR_SIZE constant 64-bits Kevin Wolf
2024-10-22 16:48 ` [PULL 5/9] iotests/backup-discard-source: convert size variable to be int Kevin Wolf
2024-10-22 16:49 ` [PULL 6/9] iotests/backup-discard-source: don't use actual-size Kevin Wolf
2024-10-22 16:49 ` [PULL 7/9] qapi: add qom-path to BLOCK_IO_ERROR event Kevin Wolf
2024-10-22 16:49 ` [PULL 8/9] block-backend: per-device throttling of BLOCK_IO_ERROR reports Kevin Wolf
2024-10-22 16:49 ` [PULL 9/9] raw-format: Fix error message for invalid offset/size Kevin Wolf
2024-10-24 14:21 ` [PULL 0/9] Block layer patches Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:871e1d475 dfblob:9f8140bcb )
 OR (
bs:"[PULL 2/9] block/ssh.c: Don't double-check that characters are hex digits" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241022164903.282174-3-kwolf@redhat.com \
    --to=kwolf@redhat.com \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).