Changed old inet_aton function for modern getaddrinfo. inet_aton only supported IPv4 addresses, and wasn't available on windows machines. getaddrinfo supports both IPv4 and IPv6 natively. --- Changes since v1: - Changed inet_pton() to getaddrinfo() - Removed inet_aton() compatibility function - Changed 2 variables into a union - Cleaned up memcmp condition --- common/ssl_verify.c | 43 +++++++++++++++++++++++++------------------ common/ssl_verify.h | 1 + 2 files changed, 26 insertions(+), 18 deletions(-) diff --git a/common/ssl_verify.c b/common/ssl_verify.c index 72a3dd8..0b7d958 100644 --- a/common/ssl_verify.c +++ b/common/ssl_verify.c @@ -28,23 +28,12 @@ #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> +#include <netdb.h> +#include <netinet/in.h> #endif #include <ctype.h> #include <string.h> -#ifdef WIN32 -static int inet_aton(const char* ip, struct in_addr* in_addr) -{ - unsigned long addr = inet_addr(ip); - - if (addr == INADDR_NONE) { - return 0; - } - in_addr->S_un.S_addr = addr; - return 1; -} -#endif - static int verify_pubkey(X509* cert, const char *key, size_t key_size) { EVP_PKEY* cert_pubkey = NULL; @@ -161,11 +150,18 @@ static int verify_hostname(X509* cert, const char *hostname) { GENERAL_NAMES* subject_alt_names; int found_dns_name = 0; - struct in_addr addr; + struct addrinfo hints; + struct addrinfo *addr = NULL; int addr_len = 0; int cn_match = 0; X509_NAME* subject; + union { + struct in_addr ipv4; + struct in6_addr ipv6; + unsigned char data[16]; + } ip_addr; + spice_return_val_if_fail(hostname != NULL, 0); if (!cert) { 
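Review bot: The added `#include <netinet/in.h>` repeats the include that already appears two lines above it in the same preprocessor branch, so only `#include <netdb.h>` is new here. Dropping the duplicate keeps the include list honest about what the switch to getaddrinfo() actually requires. A short trailing comment such as `/* getaddrinfo(), freeaddrinfo() */` on the <netdb.h> line would record why it was added.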
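Review bot: The new `ip_addr` union in the declarations of verify_hostname has no comment and sizes its byte view with a bare `16`. Writing the member as `unsigned char data[sizeof(struct in6_addr)];` ties the size to the largest address type. A one-line comment such as `/* hostname parsed as a raw address, compared byte-wise with iPAddress entries */` would say what `data` is for. `hints`, `addr` and `ip_addr` are used only in the iPAddress branch changed by the next hunk, so they could be declared there instead of at function scope. The function body continues outside this hunk.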
@@ -207,13 +203,24 @@ static int verify_hostname(X509* cert, const char *hostname) int alt_ip_len = ASN1_STRING_length(name->d.iPAddress); found_dns_name = 1; - // only IpV4 supported - if (inet_aton(hostname, &addr)) { - addr_len = sizeof(struct in_addr); + memset(&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_NUMERICHOST; + + if (getaddrinfo(hostname, NULL, &hints, &addr) == 0) { + if (addr->ai_family == AF_INET) { + addr_len = sizeof(struct in_addr); + ip_addr.ipv4 = ((struct sockaddr_in *)addr->ai_addr)->sin_addr; + } else if (addr->ai_family == AF_INET6) { + addr_len = sizeof(struct in6_addr); + ip_addr.ipv6 = ((struct sockaddr_in6 *)addr->ai_addr)->sin6_addr; + } + + freeaddrinfo(addr); } if ((addr_len == alt_ip_len)&& - !memcmp(ASN1_STRING_data(name->d.iPAddress), &addr, addr_len)) { + (memcmp(ASN1_STRING_data(name->d.iPAddress), &ip_addr.data, addr_len) == 0)) { spice_debug("alt name IP match=%s", inet_ntoa(*((struct in_addr*)ASN1_STRING_data(name->d.iPAddress)))); GENERAL_NAMES_free(subject_alt_names); diff --git a/common/ssl_verify.h b/common/ssl_verify.h index e32ca54..a7fcfee 100644 --- a/common/ssl_verify.h +++ b/common/ssl_verify.h @@ -20,6 +20,7 @@ #define SSL_VERIFY_H #if defined(WIN32) +#include <ws2tcpip.h> #include <windows.h> #include <wincrypt.h> #ifdef X509_NAME -- 2.4.3 _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/spice-devel
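Review bot: When `hostname` is not a numeric address, getaddrinfo() fails and `addr_len` keeps its initial 0, so `(addr_len == alt_ip_len) && (memcmp(..., addr_len) == 0)` is true for any iPAddress entry whose length is 0. The removed inet_aton() code had the same gap. Because this comparison decides whether the certificate is accepted for the peer, it should require a successfully parsed address, e.g. `if (addr_len > 0 && addr_len == alt_ip_len &&`. Separately, the unchanged `spice_debug` line still casts the matched bytes to `struct in_addr` for inet_ntoa(), which logs a misleading IPv4 address after an IPv6 match; logging `hostname` there avoids that. The enclosing function starts and ends outside this hunk.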
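Review bot: The position of the new `#include <ws2tcpip.h>` ahead of `<windows.h>` matters but is undocumented: ws2tcpip.h pulls in winsock2.h, which has to be seen before windows.h unless WIN32_LEAN_AND_MEAN is defined. A comment such as `/* keep ws2tcpip.h before windows.h (winsock2 vs. winsock) */` would stop a later include re-sort from breaking the Windows build. As far as this patch shows, getaddrinfo() is called only from ssl_verify.c, so the include may belong in that file rather than in the shared header.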