rpc: Resize dname for longer DN from TLS certs
And to make that easier, allocate it on the heap. Signed-off-by: Martin Kletzander <mkletzan@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
parent
7c79cfe4da
commit
694f4e2f01
@ -980,11 +980,9 @@ static int virNetTLSContextValidCertificate(virNetTLSContext *ctxt,
|
|||||||
const gnutls_datum_t *certs;
|
const gnutls_datum_t *certs;
|
||||||
unsigned int nCerts;
|
unsigned int nCerts;
|
||||||
size_t i;
|
size_t i;
|
||||||
char dname[256];
|
size_t dnamesize = 256;
|
||||||
|
g_autofree char *dname = g_new0(char, dnamesize);
|
||||||
char *dnameptr = dname;
|
char *dnameptr = dname;
|
||||||
size_t dnamesize = sizeof(dname);
|
|
||||||
|
|
||||||
memset(dname, 0, dnamesize);
|
|
||||||
|
|
||||||
if ((ret = gnutls_certificate_verify_peers2(sess->session, &status)) < 0) {
|
if ((ret = gnutls_certificate_verify_peers2(sess->session, &status)) < 0) {
|
||||||
virReportError(VIR_ERR_SYSTEM_ERROR,
|
virReportError(VIR_ERR_SYSTEM_ERROR,
|
||||||
@ -1050,17 +1048,23 @@ static int virNetTLSContextValidCertificate(virNetTLSContext *ctxt,
|
|||||||
|
|
||||||
if (i == 0) {
|
if (i == 0) {
|
||||||
ret = gnutls_x509_crt_get_dn(cert, dname, &dnamesize);
|
ret = gnutls_x509_crt_get_dn(cert, dname, &dnamesize);
|
||||||
|
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER) {
|
||||||
|
VIR_DEBUG("Reallocating dname to fit %zu bytes", dnamesize);
|
||||||
|
dname = g_realloc(dname, dnamesize);
|
||||||
|
dnameptr = dname;
|
||||||
|
ret = gnutls_x509_crt_get_dn(cert, dname, &dnamesize);
|
||||||
|
}
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
virReportError(VIR_ERR_SYSTEM_ERROR,
|
virReportError(VIR_ERR_SYSTEM_ERROR,
|
||||||
_("Failed to get certificate %s distinguished name: %s"),
|
_("Failed to get certificate %s distinguished name: %s"),
|
||||||
"[session]", gnutls_strerror(ret));
|
"[session]", gnutls_strerror(ret));
|
||||||
goto authfail;
|
goto authfail;
|
||||||
}
|
}
|
||||||
sess->x509dname = g_strdup(dname);
|
sess->x509dname = g_steal_pointer(&dname);
|
||||||
VIR_DEBUG("Peer DN is %s", dname);
|
VIR_DEBUG("Peer DN is %s", dnameptr);
|
||||||
|
|
||||||
if (virNetTLSContextCheckCertDN(cert, "[session]", sess->hostname, dname,
|
if (virNetTLSContextCheckCertDN(cert, "[session]", sess->hostname,
|
||||||
ctxt->x509dnACL) < 0) {
|
dnameptr, ctxt->x509dnACL) < 0) {
|
||||||
gnutls_x509_crt_deinit(cert);
|
gnutls_x509_crt_deinit(cert);
|
||||||
goto authdeny;
|
goto authdeny;
|
||||||
}
|
}
|
||||||
|
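Review bot: The `dnameptr` alias is the least obvious part of the new code and deserves a comment at its declaration: it exists only because `g_steal_pointer(&dname)` nulls `dname`, so the later `VIR_DEBUG("Peer DN is %s", dnameptr)` and the `virNetTLSContextCheckCertDN(..., dnameptr, ...)` call must reach the buffer through a second pointer that `sess->x509dname` now owns, e.g. `/* non-owning alias; stays valid after dname is stolen into sess->x509dname */`. The `GNUTLS_E_SHORT_MEMORY_BUFFER` retry is attempted once and relies on the size gnutls writes back into `dnamesize` being large enough for the DN including its terminating NUL; should a gnutls build report the bare length, the second call would fall into the `ret != 0` path and fail closed with the existing error message rather than overrun the `g_realloc`'d buffer, so the cost is a spurious authentication failure, not memory unsafety. Note that unlike the `g_new0` allocation the `g_realloc`'d region is not zeroed, which is fine only because every later read of the buffer is on the success path of `gnutls_x509_crt_get_dn`. The enclosing function begins before the first hunk and the certificate loop continues past the second.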