External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-25 23:25:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

remote: Don't leak gnutls session on negotiation error

Browse Source
This commit is contained in:
Matthias Bolte 2011-03-26 16:43:44 +01:00
parent 42a0fc39c1
commit 4cb5044dcb
1 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/remote/remote_driver.c
View File

@ -1331,6 +1331,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
GNUTLS_CRT_OPENPGP, GNUTLS_CRT_OPENPGP,
0 0
}; };
bool success = false;
int err; int err;
gnutls_session_t session; gnutls_session_t session;
@ -1350,7 +1351,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
remoteError(VIR_ERR_GNUTLS_ERROR, remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to set TLS algorithm priority: %s"), _("unable to set TLS algorithm priority: %s"),
gnutls_strerror (err)); gnutls_strerror (err));
return NULL; goto cleanup;
} }
err = err =
gnutls_certificate_type_set_priority (session, gnutls_certificate_type_set_priority (session,
@ -1359,7 +1360,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
remoteError(VIR_ERR_GNUTLS_ERROR, remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to set certificate priority: %s"), _("unable to set certificate priority: %s"),
gnutls_strerror (err)); gnutls_strerror (err));
return NULL; goto cleanup;
} }
/* put the x509 credentials to the current session /* put the x509 credentials to the current session
@ -1369,7 +1370,7 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
remoteError(VIR_ERR_GNUTLS_ERROR, remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to set session credentials: %s"), _("unable to set session credentials: %s"),
gnutls_strerror (err)); gnutls_strerror (err));
return NULL; goto cleanup;
} }
gnutls_transport_set_ptr (session, gnutls_transport_set_ptr (session,
@ -1391,13 +1392,14 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
remoteError(VIR_ERR_GNUTLS_ERROR, remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to complete TLS handshake: %s"), _("unable to complete TLS handshake: %s"),
gnutls_strerror (err)); gnutls_strerror (err));
return NULL; goto cleanup;
} }
/* Verify certificate. */ /* Verify certificate. */
if (verify_certificate (conn, priv, session) == -1) { if (verify_certificate (conn, priv, session) == -1) {
VIR_DEBUG0("failed to verify peer's certificate"); VIR_DEBUG0("failed to verify peer's certificate");
if (!no_verify) return NULL; if (!no_verify)
goto cleanup;
} }
/* At this point, the server is verifying _our_ certificate, IP address, /* At this point, the server is verifying _our_ certificate, IP address,
@ -1413,13 +1415,13 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
remoteError(VIR_ERR_GNUTLS_ERROR, remoteError(VIR_ERR_GNUTLS_ERROR,
_("unable to complete TLS initialization: %s"), _("unable to complete TLS initialization: %s"),
gnutls_strerror (len)); gnutls_strerror (len));
return NULL; goto cleanup;
} }
if (len != 1 || buf[0] != '\1') { if (len != 1 || buf[0] != '\1') {
remoteError(VIR_ERR_RPC, "%s", remoteError(VIR_ERR_RPC, "%s",
_("server verification (of our certificate or IP " _("server verification (of our certificate or IP "
"address) failed")); "address) failed"));
return NULL; goto cleanup;
} }
#if 0 #if 0
@ -1427,6 +1429,14 @@ negotiate_gnutls_on_connection (virConnectPtr conn,
print_info (session); print_info (session);
#endif #endif
success = true;
cleanup:
if (!success) {
gnutls_deinit(session);
session = NULL;
}
return session; return session;
} }