From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Marc-André Lureau, Daniel P. Berrangé, Thomas Huth, Philippe Mathieu-Daudé
Subject: [PULL 1/4] ui: fix setting client_endian field defaults
Date: Wed, 16 Jul 2025 11:30:06 +0100
Message-ID: <20250716103009.2047433-2-berrange@redhat.com>
In-Reply-To: <20250716103009.2047433-1-berrange@redhat.com>

When a VNC client sends a "set pixel format" message, the 'client_endian' field will get initialized, however, it is valid to omit this message if the client wants to use the server's native pixel format.
In the latter scenario nothing is initializing the 'client_endian' field, so it remains set to 0, matching neither G_LITTLE_ENDIAN nor G_BIG_ENDIAN. This then results in pixel format conversion routines taking the wrong code paths.

This problem existed before the 'client_be' flag was changed into the 'client_endian' value, but the lack of initialization meant it semantically defaulted to little endian, so only big endian systems would potentially be exposed to incorrect pixel translation.

The 'virt-viewer' / 'remote-viewer' apps always send a "set pixel format" message so aren't exposed to any problems, but the classical 'vncviewer' app will show the problem easily.

Fixes: 7ed96710e82c385c6cfc3d064eec7dde20f0f3fd
Reported-by: Thomas Huth
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Marc-André Lureau
Signed-off-by: Daniel P. Berrangé
--- ui/vnc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ui/vnc.c b/ui/vnc.c index e9c30aad62..a16be468b9 100644 --- a/ui/vnc.c +++ b/ui/vnc.c
@@ -2329,6 +2329,7 @@ static void pixel_format_message (VncState *vs) { char pad[3] =3D { 0, 0, 0 }; =20 vs->client_pf =3D qemu_default_pixelformat(32); + vs->client_endian =3D G_BYTE_ORDER; =20 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ vnc_write_u8(vs, vs->client_pf.depth); /* depth */ --=20 2.49.0
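Review bot: The added client_endian assignment in pixel_format_message() carries no comment saying it is the default for clients that never send a "set pixel format" message. set_pixel_format() assigns the same field, so without a one-line comment here (it applies equally to the client_pf default on the line above) a later cleanup could treat this assignment as redundant and bring back the zero value that matches neither G_LITTLE_ENDIAN nor G_BIG_ENDIAN.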
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Marc-André Lureau, Daniel P. Berrangé, Philippe Mathieu-Daudé
Subject: [PULL 2/4] ui: add trace events for all client messages
Date: Wed, 16 Jul 2025 11:30:07 +0100
Message-ID: <20250716103009.2047433-3-berrange@redhat.com>
In-Reply-To: <20250716103009.2047433-1-berrange@redhat.com>

This lets us see the full flow of RFB messages received from the client.

Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Marc-André Lureau
Signed-off-by: Daniel P. Berrangé
--- ui/trace-events | 14 +++++++++++++ ui/vnc.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/ui/trace-events b/ui/trace-events index 3da0d5e280..3eba9ca3a8 100644 --- a/ui/trace-events +++ b/ui/trace-events
@@ -48,13 +48,27 @@ vnc_msg_server_ext_desktop_resize(void *state, void *io= c, int width, int height, vnc_msg_client_audio_enable(void *state, void *ioc) "VNC client msg audio = enable state=3D%p ioc=3D%p" vnc_msg_client_audio_disable(void *state, void *ioc) "VNC client msg audio= disable state=3D%p ioc=3D%p" vnc_msg_client_audio_format(void *state, void *ioc, int fmt, int channels,= int freq) "VNC client msg audio format state=3D%p ioc=3D%p fmt=3D%d channe= ls=3D%d freq=3D%d" +vnc_msg_client_cut_text(void *state, void *ioc, int len) "VNC client msg c= ut text state=3D%p ioc=3D%p len=3D%u" +vnc_msg_client_cut_text_ext(void *state, void *ioc, int len, int flags) "V= NC client msg cut text state=3D%p ioc=3D%p len=3D%u flags=3D%u" +vnc_msg_client_ext_key_event(void *state, void *ioc, int down, int sym, in= t keycode) "VNC client msg ext key event state=3D%p ioc=3D%p down=3D%u sym= =3D%u keycode=3D%u" +vnc_msg_client_framebuffer_update_request(void *state, void *ioc, int incr= emental, int x, int y, int w, int h) "VNC client msg framebuffer update req= uest state=3D%p ioc=3D%p incremental=3D%u x=3D%u y=3D%u w=3D%u h=3D%u" +vnc_msg_client_key_event(void *state, void *ioc, int down, int sym) "VNC c= lient msg key event state=3D%p ioc=3D%p down=3D%u sym=3D%u" +vnc_msg_client_pointer_event(void *state, void *ioc, int button_mask, int = x, int y) "VNC client msg pointer event state=3D%p ioc=3D%p button_mask=3D%= u x=3D%u y=3D%u" vnc_msg_client_set_desktop_size(void *state, void *ioc, int width, int hei= ght, int screens) "VNC client msg set desktop size state=3D%p ioc=3D%p siz= e=3D%dx%d screens=3D%d" +vnc_msg_client_set_encodings(void *state, void *ioc, int limit) "VNC clien= t msg set encodings state=3D%p ioc=3D%p limit=3D%u" +vnc_msg_client_set_pixel_format(void *state, void *ioc, int bpp, int big_e= ndian, int true_color) "VNC client msg set pixel format state=3D%p ioc=3D%p= bpp=3D%u big_endian=3D%u true_color=3D%u" +vnc_msg_client_set_pixel_format_rgb(void *state, 
void *ioc, int red_max, i= nt green_max, int blue_max, int red_shift, int green_shift, int blue_shift)= "VNC client msg set pixel format RGB state=3D%p ioc=3D%p red_max=3D%u gree= n_max=3D%u blue_max=3D%u red_shift=3D%u green_shift=3D%u blue_shift=3D%u" +vnc_msg_client_xvp(void *state, void *ioc, int version, int action) "VNC c= lient msg XVP state=3D%p ioc=3D%p version=3D%u action=3D%u" vnc_client_eof(void *state, void *ioc) "VNC client EOF state=3D%p ioc=3D%p" vnc_client_io_error(void *state, void *ioc, const char *msg) "VNC client I= /O error state=3D%p ioc=3D%p errmsg=3D%s" vnc_client_connect(void *state, void *ioc) "VNC client connect state=3D%p = ioc=3D%p" vnc_client_disconnect_start(void *state, void *ioc) "VNC client disconnect= start state=3D%p ioc=3D%p" vnc_client_disconnect_finish(void *state, void *ioc) "VNC client disconnec= t finish state=3D%p ioc=3D%p" vnc_client_io_wrap(void *state, void *ioc, const char *type) "VNC client I= /O wrap state=3D%p ioc=3D%p type=3D%s" +vnc_client_pixel_format(void *state, void *ioc, int bpp, int depth, int en= dian) "VNC client pixel format state=3D%p ioc=3D%p bpp=3D%u depth=3D%u endi= an=3D%u" +vnc_client_pixel_format_red(void *state, void *ioc, int max, int bits, int= shift, int mask) "VNC client pixel format red state=3D%p ioc=3D%p max=3D%u= bits=3D%u shift=3D%u mask=3D%u" +vnc_client_pixel_format_green(void *state, void *ioc, int max, int bits, i= nt shift, int mask) "VNC client pixel format green state=3D%p ioc=3D%p max= =3D%u bits=3D%u shift=3D%u mask=3D%u" +vnc_client_pixel_format_blue(void *state, void *ioc, int max, int bits, in= t shift, int mask) "VNC client pixel format blue state=3D%p ioc=3D%p max=3D= %u bits=3D%u shift=3D%u mask=3D%u" vnc_client_throttle_threshold(void *state, void *ioc, size_t oldoffset, si= ze_t offset, int client_width, int client_height, int bytes_per_pixel, void= *audio_cap) "VNC client throttle threshold state=3D%p ioc=3D%p oldoffset= =3D%zu newoffset=3D%zu width=3D%d height=3D%d 
bpp=3D%d audio=3D%p" vnc_client_throttle_incremental(void *state, void *ioc, int job_update, si= ze_t offset) "VNC client throttle incremental state=3D%p ioc=3D%p job-updat= e=3D%d offset=3D%zu" vnc_client_throttle_forced(void *state, void *ioc, int job_update, size_t = offset) "VNC client throttle forced state=3D%p ioc=3D%p job-update=3D%d off= set=3D%zu" diff --git a/ui/vnc.c b/ui/vnc.c index a16be468b9..c309882ddb 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -2314,6 +2314,25 @@ static void set_pixel_format(VncState *vs, int bits_= per_pixel, vs->client_pf.bytes_per_pixel =3D bits_per_pixel / 8; vs->client_pf.depth =3D bits_per_pixel =3D=3D 32 ? 24 : bits_per_pixel; vs->client_endian =3D big_endian_flag ? G_BIG_ENDIAN : G_LITTLE_ENDIAN; + trace_vnc_client_pixel_format(vs, vs->ioc, + vs->client_pf.bits_per_pixel, + vs->client_pf.depth, + vs->client_endian); + trace_vnc_client_pixel_format_red(vs, vs->ioc, + vs->client_pf.rmax, + vs->client_pf.rbits, + vs->client_pf.rshift, + vs->client_pf.rmask); + trace_vnc_client_pixel_format_green(vs, vs->ioc, + vs->client_pf.gmax, + vs->client_pf.gbits, + vs->client_pf.gshift, + vs->client_pf.gmask); + trace_vnc_client_pixel_format_blue(vs, vs->ioc, + vs->client_pf.bmax, + vs->client_pf.bbits, + vs->client_pf.bshift, + vs->client_pf.bmask); =20 if (!true_color_flag) { send_color_map(vs); @@ -2388,6 +2407,17 @@ static int protocol_client_msg(VncState *vs, uint8_t= *data, size_t len) if (len =3D=3D 1) return 20; =20 + trace_vnc_msg_client_set_pixel_format(vs, vs->ioc, + read_u8(data, 4), + read_u8(data, 6), + read_u8(data, 7)); + trace_vnc_msg_client_set_pixel_format_rgb(vs, vs->ioc, + read_u16(data, 8), + read_u16(data, 10), + read_u16(data, 12), + read_u8(data, 14), + read_u8(data, 15), + read_u8(data, 16)); set_pixel_format(vs, read_u8(data, 4), read_u8(data, 6), read_u8(data, 7), read_u16(data, 8), read_u16(data, 10), 
@@ -2410,12 +2440,19 @@ static int protocol_client_msg(VncState *vs, uint8_= t *data, size_t len) memcpy(data + 4 + (i * 4), &val, sizeof(val)); } =20 + trace_vnc_msg_client_set_encodings(vs, vs->ioc, limit); set_encodings(vs, (int32_t *)(data + 4), limit); break; case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: if (len =3D=3D 1) return 10; =20 + trace_vnc_msg_client_framebuffer_update_request(vs, vs->ioc, + read_u8(data, 1), + read_u16(data, 2), + read_u16(data, 4), + read_u16(data, 6), + read_u16(data, 8)); framebuffer_update_request(vs, read_u8(data, 1), read_u16(data, 2), re= ad_u16(data, 4), read_u16(data, 6), read_u16(data, 8)); @@ -2424,12 +2461,19 @@ static int protocol_client_msg(VncState *vs, uint8_= t *data, size_t len) if (len =3D=3D 1) return 8; =20 + trace_vnc_msg_client_key_event(vs, vs->ioc, + read_u8(data, 1), + read_u32(data, 4)); key_event(vs, read_u8(data, 1), read_u32(data, 4)); break; case VNC_MSG_CLIENT_POINTER_EVENT: if (len =3D=3D 1) return 6; =20 + trace_vnc_msg_client_pointer_event(vs, vs->ioc, + read_u8(data, 1), + read_u16(data, 2), + read_u16(data, 4)); pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(da= ta, 4)); break; case VNC_MSG_CLIENT_CUT_TEXT: @@ -2461,9 +2505,12 @@ static int protocol_client_msg(VncState *vs, uint8_t= *data, size_t len) vnc_client_error(vs); break; } + trace_vnc_msg_client_cut_text_ext(vs, vs->ioc, + dlen, read_u32(data, 8)); vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12= ); break; } + trace_vnc_msg_client_cut_text(vs, vs->ioc, read_u32(data, 4)); vnc_client_cut_text(vs, read_u32(data, 4), data + 8); break; case VNC_MSG_CLIENT_XVP: @@ -2478,6 +2525,7 @@ static int protocol_client_msg(VncState *vs, uint8_t = *data, size_t len) if (len =3D=3D 4) { uint8_t version =3D read_u8(data, 2); uint8_t action =3D read_u8(data, 3); + trace_vnc_msg_client_xvp(vs, vs->ioc, version, action); =20 if (version !=3D 1) { error_report("vnc: xvp client message version %d !=3D 1", 
@@ -2511,6 +2559,10 @@ static int protocol_client_msg(VncState *vs, uint8_t= *data, size_t len) if (len =3D=3D 2) return 12; =20 + trace_vnc_msg_client_ext_key_event(vs, vs->ioc, + read_u16(data, 2), + read_u32(data, 4), + read_u32(data, 8)); ext_key_event(vs, read_u16(data, 2), read_u32(data, 4), read_u32(data, 8)); break; --=20 2.49.0
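Review bot: In the ui/trace-events hunk every new event declares its arguments as int but formats them with %u, for example "int len" with "len=%u" in vnc_msg_client_cut_text, while the existing neighbours such as vnc_msg_client_set_desktop_size pair int with %d. The callers pass values read with read_u16()/read_u32(), so declaring these parameters as unsigned would make the declaration agree with both the format string and the data. In the same hunk, vnc_msg_client_cut_text_ext reuses the message text "VNC client msg cut text" of vnc_msg_client_cut_text; "cut text ext" would let the two events be told apart in the log.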
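Review bot: The trace_vnc_client_pixel_format* calls are added only in set_pixel_format() (the @@ -2314 hunk in ui/vnc.c), so a client that never sends "set pixel format" and runs with the defaults assigned in pixel_format_message() produces no pixel format trace at all. That is exactly the case patch 1/4 of this series fixes; emitting the same events where the defaults are set would make the effective client_endian visible for those clients too.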
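Review bot: trace_vnc_msg_client_key_event in the @@ -2424 hunk (and trace_vnc_msg_client_ext_key_event in the @@ -2511 hunk) writes every keysym and keycode the client sends into the trace output, so with these events enabled the trace holds whatever is typed into the guest, passwords included. The cut text events log only the length; for the key events this should at least be stated in the commit message or next to the event definitions so that such traces are handled as sensitive data.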
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Marc-André Lureau, Daniel P. Berrangé, Peter Maydell
Subject: [PULL 3/4] crypto/x509-utils: Check for error from gnutls_x509_crt_init()
Date: Wed, 16 Jul 2025 11:30:08 +0100
Message-ID: <20250716103009.2047433-4-berrange@redhat.com>
In-Reply-To: <20250716103009.2047433-1-berrange@redhat.com>

From: Peter Maydell

Coverity notes that in qcrypto_get_x509_cert_fingerprint() we call gnutls_x509_crt_init() but don't check for an error return. Add the missing check.

Coverity: CID 1593155
Fixes: 10a1d34fc0d ("crypto: Introduce x509 utils")
Signed-off-by: Peter Maydell
Reviewed-by: Daniel P. Berrangé
Signed-off-by: Daniel P. Berrangé
--- crypto/x509-utils.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c index 8bad00a51b..39bb6d4d8c 100644 --- a/crypto/x509-utils.c +++ b/crypto/x509-utils.c
@@ -46,7 +46,11 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, siz= e_t size, return -1; } =20 - gnutls_x509_crt_init(&crt); + if (gnutls_x509_crt_init(&crt) < 0) { + error_setg(errp, "Unable to initialize certificate: %s", + gnutls_strerror(ret)); + return -1; + } =20 if (gnutls_x509_crt_import(crt, &datum, GNUTLS_X509_FMT_PEM) !=3D 0) { error_setg(errp, "Failed to import certificate"); --=20 2.49.0
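Review bot: In the added error branch, gnutls_strerror(ret) is given ret, but the return value of gnutls_x509_crt_init() is only compared against 0 and never stored, so the message reports whatever ret held before this call instead of the gnutls error. Store the result first, for example "ret = gnutls_x509_crt_init(&crt); if (ret < 0) {", or use a separate local variable if ret is reserved for the function's own return code.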
From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Marc-André Lureau, Daniel P. Berrangé, Henry Kleynhans
Subject: [PULL 4/4] crypto: load all certificates in X509 CA file
Date: Wed, 16 Jul 2025 11:30:09 +0100
Message-ID: <20250716103009.2047433-5-berrange@redhat.com>
In-Reply-To: <20250716103009.2047433-1-berrange@redhat.com>

From: Henry Kleynhans

Some CA files may contain multiple intermediaries and roots of trust.
These may not fit into the hard-coded limit of 16. Extend the validation
code to allocate enough space to load all of the certificates present in
the CA file and ensure they are cleaned up.

Reviewed-by: Daniel P. Berrangé
Signed-off-by: Henry Kleynhans
[DB: drop MAX_CERTS constant & whitespace tweaks]
Signed-off-by: Daniel P. Berrangé
---
 crypto/tlscredsx509.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 63a72fe47c..143a4caef2 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -426,9 +426,8 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds, static int qcrypto_tls_creds_load_ca_cert_list(QCryptoTLSCredsX509 *creds, const char *certFile, - gnutls_x509_crt_t *certs, - unsigned int certMax, - size_t *ncerts, + gnutls_x509_crt_t **certs, + unsigned int *ncerts, Error **errp) { gnutls_datum_t data; @@ -449,20 +448,18 @@ qcrypto_tls_creds_load_ca_cert_list(QCryptoTLSCredsX5= 09 *creds, data.data =3D (unsigned char *)buf; data.size =3D strlen(buf); =20 - if (gnutls_x509_crt_list_import(certs, &certMax, &data, - GNUTLS_X509_FMT_PEM, 0) < 0) { + if (gnutls_x509_crt_list_import2(certs, ncerts, &data, + GNUTLS_X509_FMT_PEM, 0) < 0) { error_setg(errp, "Unable to import CA certificate list %s", certFile); return -1; } - *ncerts =3D certMax; =20 return 0; } =20 =20 -#define MAX_CERTS 16 static int qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds, bool isServer, 
@@ -471,12 +468,11 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX5= 09 *creds, Error **errp) { gnutls_x509_crt_t cert =3D NULL; - gnutls_x509_crt_t cacerts[MAX_CERTS]; - size_t ncacerts =3D 0; + gnutls_x509_crt_t *cacerts =3D NULL; + unsigned int ncacerts =3D 0; size_t i; int ret =3D -1; =20 - memset(cacerts, 0, sizeof(cacerts)); if (certFile && access(certFile, R_OK) =3D=3D 0) { cert =3D qcrypto_tls_creds_load_cert(creds, @@ -488,8 +484,9 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509= *creds, } if (access(cacertFile, R_OK) =3D=3D 0) { if (qcrypto_tls_creds_load_ca_cert_list(creds, - cacertFile, cacerts, - MAX_CERTS, &ncacerts, + cacertFile, + &cacerts, + &ncacerts, errp) < 0) { goto cleanup; } @@ -526,6 +523,8 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509= *creds, for (i =3D 0; i < ncacerts; i++) { gnutls_x509_crt_deinit(cacerts[i]); } + gnutls_free(cacerts); + return ret; } =20 --=20 2.49.0
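Review bot: in the @@ -449 hunk, the failure branch after gnutls_x509_crt_list_import2() in qcrypto_tls_creds_load_ca_cert_list() returns -1 without resetting the two out-parameters, yet the caller then jumps to cleanup, loops up to ncacerts calling gnutls_x509_crt_deinit(cacerts[i]) and calls gnutls_free(cacerts). That is safe only because the caller starts from cacerts = NULL and ncacerts = 0 and only as long as the import leaves both untouched when it fails. Setting *certs = NULL and *ncerts = 0 before the return -1 would make the cleanup path correct regardless of what the library wrote before reporting the error.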
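Review bot: missing documentation for the new ownership contract introduced in the @@ -426 hunk, where certs changes from a caller-supplied array to gnutls_x509_crt_t **certs. The helper now hands back an array allocated by the library, and the caller has to deinit every entry and then gnutls_free() the array itself, which the @@ -526 hunk does for the one existing caller. A short comment above qcrypto_tls_creds_load_ca_cert_list() stating that the caller owns both the certificates and the array would keep a future caller from leaking it or from releasing it with a different allocator.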