[libvirt] [PATCH 2/2] rpc: libssh2: Fix regression in ssh host key verification

Fri Oct 2 13:54:07 UTC 2015

Commit 792f81a40e caused a regression in the libssh2 host key
verification code by changing the variable type of 'i' to unsigned.
Since one of the loops used -1 as a special value if the asking
callback was found the conversion made a subsequent test always fail.

The bug was stealth enough to pass review, compilers and coverity.

Refactor the condition to avoid problems.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047861
---
 src/rpc/virnetsshsession.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c
index becdf6e..406a831 100644
--- a/src/rpc/virnetsshsession.c
+++ b/src/rpc/virnetsshsession.c
@@ -344,16 +344,14 @@ virNetSSHCheckHostKey(virNetSSHSessionPtr sess)
             memset(&askKey, 0, sizeof(virConnectCredential));

             for (i = 0; i < sess->cred->ncredtype; i++) {
-                if (sess->cred->credtype[i] == VIR_CRED_ECHOPROMPT) {
-                    i = -1;
+                if (sess->cred->credtype[i] == VIR_CRED_ECHOPROMPT)
                     break;
-                }
             }

-            if (i > 0) {
+            if (i == sess->cred->ncredtype) {
                 virReportError(VIR_ERR_SSH, "%s",
-                               _("no suitable method to retrieve "
-                                 "authentication credentials"));
+                               _("no suitable callback for host key "
+                                 "verification"));
                 return -1;
             }

-- 
2.4.5


