External/libvirt
1
0
Fork 0
Code

virNetLibsshSessionAuthAddPasswordAuth: Don't access unlocked 'sess'

Browse Source 
'sess->authPath' is modified before locking the 'sess' object.
Additionally on failure of 'virAuthGetConfigFilePathURI' 'sess' would be
unlocked even when it was not yet locked.

Fixes: 6917467c2b0e8f655999f3e568708c4651811689
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa 2023-01-23 16:48:19 +01:00
parent c68a07eeb3
commit 76e005d1a5
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/rpc/virnetlibsshsession.c
View File

@ -846,16 +846,17 @@ virNetLibsshSessionAuthAddPasswordAuth(virNetLibsshSession *sess,
int ret; int ret;
virNetLibsshAuthMethod *auth; virNetLibsshAuthMethod *auth;
virObjectLock(sess);
if (uri) { if (uri) {
VIR_FREE(sess->authPath); VIR_FREE(sess->authPath);
if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0) { if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0) {
ret = -1; virObjectUnlock(sess);
goto cleanup; return -1;
} }
} }
virObjectLock(sess);
if (!(auth = virNetLibsshSessionAuthMethodNew(sess))) { if (!(auth = virNetLibsshSessionAuthMethodNew(sess))) {
ret = -1; ret = -1;