From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 6 Aug 2025 13:07:18 +0000 (+0200)
Subject: tls: don't call gnutls_deinit() after failed gnutls_init()
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=abc267a556cbae3172d6014e59c219a10145bda3;p=thirdparty%2Fchrony.git

tls: don't call gnutls_deinit() after failed gnutls_init()

Don't assume gnutls_init() leaves the session pointer at NULL when it
returns with an error status. It might be a session that was already
allocated and then freed without resetting it to NULL after an error.

Fixes: 3e32e7e69412 ("tls: move gnutls code into tls_gnutls.c")
---

diff --git a/tls_gnutls.c b/tls_gnutls.c
index 2def9ee0..bb03cd68 100644
--- a/tls_gnutls.c
+++ b/tls_gnutls.c
@@ -180,6 +180,7 @@ TLS_CreateInstance(int server_mode, int sock_fd, const char *server_name,
                                   (server_mode ? GNUTLS_SERVER : GNUTLS_CLIENT));
   if (r < 0) {
     LOG(LOGS_ERR, "Could not %s TLS session : %s", "create", gnutls_strerror(r));
+    inst->session = NULL;
     goto error;
   }