[PATCH 4/5] virNetLibsshSessionAuthAddPasswordAuth: Don't access unlocked 'sess'
Peter Krempa
pkrempa at redhat.com
Mon Jan 23 16:08:54 UTC 2023
'sess->authPath' is modified before locking the 'sess' object.
Additionally on failure of 'virAuthGetConfigFilePathURI' 'sess' would be
unlocked even when it was not yet locked.
Fixes: 6917467c2b0e8f655999f3e568708c4651811689
Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
src/rpc/virnetlibsshsession.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/rpc/virnetlibsshsession.c b/src/rpc/virnetlibsshsession.c
index 8de7c86a41..d2e9e20ff2 100644
--- a/src/rpc/virnetlibsshsession.c
+++ b/src/rpc/virnetlibsshsession.c
@@ -846,16 +846,17 @@ virNetLibsshSessionAuthAddPasswordAuth(virNetLibsshSession *sess,
int ret;
virNetLibsshAuthMethod *auth;
+ virObjectLock(sess);
+
if (uri) {
VIR_FREE(sess->authPath);
if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0) {
- ret = -1;
- goto cleanup;
+ virObjectUnlock(sess);
+ return -1;
}
}
- virObjectLock(sess);
if (!(auth = virNetLibsshSessionAuthMethodNew(sess))) {
ret = -1;
--
2.38.1
More information about the libvir-list
mailing list