From b461178639ba6c37ab851717f1e5a05532db2da6 Mon Sep 17 00:00:00 2001
From: Zhang Bo
Date: Sat, 7 Mar 2020 19:31:01 +0800
Subject: [PATCH] tls: Add a mutex lock on 'tlsCtxt'
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Prevent the handshake function from reading 'tlsCtxt' while updating 'tlsCtxt'.

Reviewed-by: Daniel P. Berrangé
Signed-off-by: Zhang Bo
Signed-off-by: Wu Qingliang
---
 src/rpc/virnetserverclient.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index 4d85ee25d7..657108239f 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -1114,7 +1114,9 @@ int virNetServerClientInit(virNetServerClientPtr client)
 client->tls);
 /* Begin the TLS handshake. */
+ virObjectLock(client->tlsCtxt);
 ret = virNetTLSSessionHandshake(client->tls);
+ virObjectUnlock(client->tlsCtxt);
 if (ret == 0) {
 /* Unlikely, but ... Next step is to check the certificate. */
 if (virNetServerClientCheckAccess(client) < 0)
@@ -1435,7 +1437,9 @@ virNetServerClientDispatchHandshake(virNetServerClientPtr client)
 {
 int ret;
 /* Continue the handshake. */
+ virObjectLock(client->tlsCtxt);
 ret = virNetTLSSessionHandshake(client->tls);
+ virObjectUnlock(client->tlsCtxt);
 if (ret == 0) {
 /* Finished. Next step is to check the certificate. */
 if (virNetServerClientCheckAccess(client) < 0)
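Review bot: The `tlsCtxt` lock is held across `virNetTLSSessionHandshake(client->tls)`, a call that exchanges handshake data with a peer that has not been authenticated yet, so how long the lock is held depends partly on the remote side; the `virNetServerClientDispatchHandshake` hunk has the same pattern. If the context object is shared between clients (not visible in this patch), every handshake step now serializes on it, and whatever updates `tlsCtxt` has to wait behind them. That is bounded only if the socket is non-blocking at this point, which the hunk does not show. I would record the assumption and the lock order above the lock, e.g. `/* Hold tlsCtxt so it cannot be updated during this call; the socket must be non-blocking, and tlsCtxt is always taken after the client lock */`. The body of virNetServerClientInit starts and ends outside the hunk.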
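Review bot: `virNetServerClientCheckAccess(client)` runs after `virObjectUnlock(client->tlsCtxt)`, and the comment beside it says it checks the certificate. If that check reads trust settings from `tlsCtxt` without taking the lock itself (its body is not part of this patch), it can still run concurrently with the update this commit is meant to exclude; the first hunk has the same ordering. Please confirm the callee locks the context, and if it does, say so here with a comment such as `/* virNetServerClientCheckAccess() takes the tlsCtxt lock itself */`; otherwise the unlock should move below the check. The function continues past the end of the hunk.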