From: Daniel P. Berrange <berrange@redhat.com>
Date: Fri, 30 Sep 2016 15:02:01 +0000 (+0100)
Subject: char: fix missing return in error path for chardev TLS init
X-Git-Tag: v2.7.1~43
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5be5335661a9c28f64e2b4e296063a7387ab498f;p=thirdparty%2Fqemu.git

char: fix missing return in error path for chardev TLS init

If the qio_channel_tls_new_(server|client) methods fail,
we disconnect the client. Unfortunately a missing return
means we then go on to try and run the TLS handshake on
a NULL I/O channel. This gives predictably segfaulty
results.

The main way to trigger this is to request a bogus TLS
priority string for the TLS credentials. e.g.

  -object tls-creds-x509,id=tls0,priority=wibble,...

Most other ways appear impossible to trigger except
perhaps if OOM conditions cause gnutls initialization
to fail.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 660a2d83e026496db6b3eaec2256a2cdd6c74de8)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---

diff --git a/qemu-char.c b/qemu-char.c
index fdb23f52896..90e96271dd7 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -3096,6 +3096,7 @@ static void tcp_chr_tls_init(CharDriverState *chr)
     if (tioc == NULL) {
         error_free(err);
         tcp_chr_disconnect(chr);
+        return;
     }
     object_unref(OBJECT(s->ioc));
     s->ioc = QIO_CHANNEL(tioc);