From abc267a556cbae3172d6014e59c219a10145bda3 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 6 Aug 2025 15:07:18 +0200
Subject: [PATCH] tls: don't call gnutls_deinit() after failed gnutls_init()

Don't assume gnutls_init() leaves the session pointer at NULL when it
returns with an error status. It might be a session that was already
allocated and then freed without resetting it to NULL after an error.

Fixes: 3e32e7e69412 ("tls: move gnutls code into tls_gnutls.c")
---
 tls_gnutls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tls_gnutls.c b/tls_gnutls.c
index 2def9ee0..bb03cd68 100644
--- a/tls_gnutls.c
+++ b/tls_gnutls.c
@@ -180,6 +180,7 @@ TLS_CreateInstance(int server_mode, int sock_fd, const char *server_name,
                                   (server_mode ? GNUTLS_SERVER : GNUTLS_CLIENT));
   if (r < 0) {
     LOG(LOGS_ERR, "Could not %s TLS session : %s", "create", gnutls_strerror(r));
+    inst->session = NULL;
     goto error;
   }
 
-- 
2.47.3