From: Martin Kletzander
To: libvir-list@redhat.com
Subject: [PATCH 1/6] rpc: Resize dname for longer DN from TLS certs
Date: Thu, 11 Nov 2021 16:06:41 +0100
Message-Id: <278b8093d6df975dc0b2729a0165426e720220c6.1636643087.git.mkletzan@redhat.com>
List-Id: Development discussions about the libvirt library & tools
Content-Transfer-Encoding: quoted-printable

And to make that easier, allocate it on the heap.

Signed-off-by: Martin Kletzander
---
 src/rpc/virnettlscontext.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/rpc/virnettlscontext.c b/src/rpc/virnettlscontext.c index 1340faa22485..3babf3ee4dc3 100644 --- a/src/rpc/virnettlscontext.c +++ b/src/rpc/virnettlscontext.c
@@ -980,11 +980,9 @@ static int virNetTLSContextValidCertificate(virNetTLSC= ontext *ctxt, const gnutls_datum_t *certs; unsigned int nCerts; size_t i; - char dname[256]; + size_t dnamesize =3D 256; + g_autofree char *dname =3D g_new0(char, dnamesize); char *dnameptr =3D dname; - size_t dnamesize =3D sizeof(dname); - - memset(dname, 0, dnamesize); =20 if ((ret =3D gnutls_certificate_verify_peers2(sess->session, &status))= < 0) { virReportError(VIR_ERR_SYSTEM_ERROR, @@ -1050,17 +1048,23 @@ static int virNetTLSContextValidCertificate(virNetT= LSContext *ctxt, =20 if (i =3D=3D 0) { ret =3D gnutls_x509_crt_get_dn(cert, dname, &dnamesize); + if (ret =3D=3D GNUTLS_E_SHORT_MEMORY_BUFFER) { + VIR_DEBUG("Reallocating dname to fit %zu bytes", dnamesize= ); + dname =3D g_realloc(dname, dnamesize); + dnameptr =3D dname; + ret =3D gnutls_x509_crt_get_dn(cert, dname, &dnamesize); + } if (ret !=3D 0) { virReportError(VIR_ERR_SYSTEM_ERROR, _("Failed to get certificate %s distinguish= ed name: %s"), "[session]", gnutls_strerror(ret)); goto authfail; } - sess->x509dname =3D g_strdup(dname); - VIR_DEBUG("Peer DN is %s", dname); + sess->x509dname =3D g_steal_pointer(&dname); + VIR_DEBUG("Peer DN is %s", dnameptr); =20 - if (virNetTLSContextCheckCertDN(cert, "[session]", sess->hostn= ame, dname, - ctxt->x509dnACL) < 0) { + if (virNetTLSContextCheckCertDN(cert, "[session]", sess->hostn= ame, + dnameptr, ctxt->x509dnACL) < 0= ) { gnutls_x509_crt_deinit(cert); goto authdeny; } --=20 2.33.1
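Review bot: In the first hunk (@@ -980,11 +980,9 @@), the literal in "size_t dnamesize = 256;" is now only a starting size rather than a hard limit, and nothing at the declaration says so. A named constant, or a one-line comment that the buffer is grown in the i == 0 branch, would make that clear. The unchanged "char *dnameptr = dname;" also changes meaning here: it used to point at a stack array that lived for the whole function and now aliases a g_autofree heap buffer, so a comment marking dnameptr as the non-owning pointer would help the next reader.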
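Review bot: In the second hunk (@@ -1050,17 +1048,23 @@), dnameptr has to be refreshed by hand after g_realloc() and is then the only way to reach the string once g_steal_pointer(&dname) has set dname to NULL; a later edit that adds another reallocation or reorders these lines leaves it dangling. Assigning it once after the steal, for example dnameptr = sess->x509dname, and passing that to VIR_DEBUG and virNetTLSContextCheckCertDN() removes the need to keep two pointers in sync. The retry also trusts the dnamesize written back by gnutls_x509_crt_get_dn() with no upper bound, and that value is derived from the peer's certificate; a comment on why that is acceptable, or a sanity cap before g_realloc(), would be worth adding. Note too that sess->x509dname now keeps the full dnamesize allocation instead of the exact-length copy that g_strdup() made.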