Commit 660a2d83 authored by Daniel P. Berrangé's avatar Daniel P. Berrangé Committed by Michael Tokarev
Browse files

char: fix missing return in error path for chardev TLS init 



If the qio_channel_tls_new_(server|client) methods fail,
we disconnect the client. Unfortunately a missing return
means we then go on to try and run the TLS handshake on
a NULL I/O channel. This gives predictably segfaulty
results.

The main way to trigger this is to request a bogus TLS
priority string for the TLS credentials. e.g.

  -object tls-creds-x509,id=tls0,priority=wibble,...

Most other ways appear impossible to trigger except
perhaps if OOM conditions cause gnutls initialization
to fail.

Signed-off-by: default avatarDaniel P. Berrange <berrange@redhat.com>
Reviewed-by: default avatarEric Blake <eblake@redhat.com>
Signed-off-by: default avatarMichael Tokarev <mjt@tls.msk.ru>
parent 56bef851

qemu-char.c

+1 −0
Original line number Diff line number Diff line
@@ -3132,6 +3132,7 @@ static void tcp_chr_tls_init(CharDriverState *chr) 
    if (tioc == NULL) {

        error_free(err);

        tcp_chr_disconnect(chr);

        return;

    }

    object_unref(OBJECT(s->ioc));

    s->ioc = QIO_CHANNEL(tioc);