[common PATCH 4/4 v2] ssl-verify: Changed debug msg from IPv4 to IPv6

Lukas Venhoda <lvenhoda@xxxxxxxxxx> · Thu, 8 Oct 2015 16:32:58 +0200

Spice debug message printed only IPv4 addresses using inet_ntoa.
Changed to inet_pton for IPv6 support.

Can't use getnameinfo, because IP address in certificate is already in
struct in(6)_addr format used by inet_ntop function.

Added inet_ntop for Windows XP compatibility.
---
Changes since v1:
 - Added inet_ntop() compatibility function
    - For Windows XP
 - Added ip_address_to_string() function
 - Cleaned up alt match debug message
---
 common/ssl_verify.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 48 insertions(+), 2 deletions(-)

diff --git a/common/ssl_verify.c b/common/ssl_verify.c
index 0b7d958..ca3bd23 100644
--- a/common/ssl_verify.c
+++ b/common/ssl_verify.c
@@ -34,6 +34,49 @@
 #include <ctype.h>
 #include <string.h>

+#ifdef WIN32
+/* Code snippet from http://memset.wordpress.com/2010/10/09/inet_ntop-for-win32/ */
+static const char * inet_ntop(int af, const void * src, char * dst, socklen_t size)
+{
+    struct sockaddr_in addr_in;
+
+    memset(&addr_in, 0, sizeof(struct sockaddr_in));
+    memcpy(&(addr_in.sin_addr), src, sizeof(addr_in.sin_addr));
+
+    addr_in.sin_family = af;
+    if (WSAAddressToString((struct sockaddr *) &addr_in, sizeof(struct sockaddr_in), 0, dst, &size) != 0) {
+        spice_warning("WSAAddressToString() : %d", WSAGetLastError());
+        return NULL;
+    }
+    return dst;
+}
+#endif
+
+static int ip_address_to_string(const void * ip_addr, char * string, int ipv6)
+{
+    int ipversion;
+    int af;
+    socklen_t addr_len;
+
+    memset(string, 0, INET6_ADDRSTRLEN);
+
+    if (ipv6) {
+        af = AF_INET6;
+        addr_len = INET6_ADDRSTRLEN;
+        ipversion = 6;
+    } else {
+        af = AF_INET;
+        addr_len = INET_ADDRSTRLEN;
+        ipversion = 4;
+    }
+
+    if (inet_ntop(af, ip_addr, string, addr_len) == NULL) {
+        return 0;
+    }
+
+    return ipversion;
+}
+
 static int verify_pubkey(X509* cert, const char *key, size_t key_size)
 {
     EVP_PKEY* cert_pubkey = NULL;
@@ -221,8 +264,11 @@ static int verify_hostname(X509* cert, const char *hostname)

                 if ((addr_len == alt_ip_len)&&
                     (memcmp(ASN1_STRING_data(name->d.iPAddress), &ip_addr.data, addr_len) == 0)) {
-                    spice_debug("alt name IP match=%s",
-                                inet_ntoa(*((struct in_addr*)ASN1_STRING_data(name->d.iPAddress))));
+                    char buf[INET6_ADDRSTRLEN];
+                    int ipversion = ip_address_to_string((void *)ASN1_STRING_data(name->d.iPAddress),
+                                                         buf, addr_len == sizeof(struct in6_addr));
+                    spice_debug("alt name IPv%d match=%s", ipversion, buf);
+
                     GENERAL_NAMES_free(subject_alt_names);
                     return 1;
                 }
--
2.4.3

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel







