From: Peter Krempa <pkrempa@redhat.com>
Date: Fri, 2 Oct 2015 13:49:01 +0000 (+0200)
Subject: rpc: libssh2: Fix regression in ssh host key verification
X-Git-Tag: v1.2.21-rc1~132
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9869f24d08af1f0d5f45175117953704064556c2;p=thirdparty%2Flibvirt.git

rpc: libssh2: Fix regression in ssh host key verification

Commit 792f81a40e caused a regression in the libssh2 host key
verification code by changing the variable type of 'i' to unsigned.
Since one of the loops used -1 as a special value if the asking
callback was found the conversion made a subsequent test always fail.

The bug was stealth enough to pass review, compilers and coverity.

Refactor the condition to avoid problems.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047861
---

diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c
index becdf6e847..406a8314b5 100644
--- a/src/rpc/virnetsshsession.c
+++ b/src/rpc/virnetsshsession.c
@@ -344,16 +344,14 @@ virNetSSHCheckHostKey(virNetSSHSessionPtr sess)
             memset(&askKey, 0, sizeof(virConnectCredential));
 
             for (i = 0; i < sess->cred->ncredtype; i++) {
-                if (sess->cred->credtype[i] == VIR_CRED_ECHOPROMPT) {
-                    i = -1;
+                if (sess->cred->credtype[i] == VIR_CRED_ECHOPROMPT)
                     break;
-                }
             }
 
-            if (i > 0) {
+            if (i == sess->cred->ncredtype) {
                 virReportError(VIR_ERR_SSH, "%s",
-                               _("no suitable method to retrieve "
-                                 "authentication credentials"));
+                               _("no suitable callback for host key "
+                                 "verification"));
                 return -1;
             }