[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 31/67] char: fix missing return in error path for ch
From: |
Michael Roth |
Subject: |
[Qemu-devel] [PATCH 31/67] char: fix missing return in error path for chardev TLS init |
Date: |
Wed, 14 Dec 2016 18:44:25 -0600 |
From: "Daniel P. Berrange" <address@hidden>
If the qio_channel_tls_new_(server|client) methods fail,
we disconnect the client. Unfortunately a missing return
means we then go on to try and run the TLS handshake on
a NULL I/O channel. This gives predictably segfaulty
results.
The main way to trigger this is to request a bogus TLS
priority string for the TLS credentials. e.g.
-object tls-creds-x509,id=tls0,priority=wibble,...
Most other ways appear impossible to trigger except
perhaps if OOM conditions cause gnutls initialization
to fail.
Signed-off-by: Daniel P. Berrange <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
(cherry picked from commit 660a2d83e026496db6b3eaec2256a2cdd6c74de8)
Signed-off-by: Michael Roth <address@hidden>
---
qemu-char.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/qemu-char.c b/qemu-char.c
index fdb23f5..90e9627 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -3096,6 +3096,7 @@ static void tcp_chr_tls_init(CharDriverState *chr)
if (tioc == NULL) {
error_free(err);
tcp_chr_disconnect(chr);
+ return;
}
object_unref(OBJECT(s->ioc));
s->ioc = QIO_CHANNEL(tioc);
--
1.9.1
- [Qemu-devel] [PATCH 23/67] qcow2: fix encryption during cow of sectors, (continued)
- [Qemu-devel] [PATCH 23/67] qcow2: fix encryption during cow of sectors, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 24/67] iscsi: Fix divide-by-zero regression on raw SG devices, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 22/67] vfio/pci: Fix regression in MSI routing configuration, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 25/67] block: reintroduce bdrv_flush_all, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 26/67] qemu: use bdrv_flush_all for vm_stop et al, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 30/67] qht: fix unlock-after-free segfault upon resizing, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 27/67] block-backend: remove blk_flush_all, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 02/67] hw/ppc/spapr: Move code related to "ibm, pa-features" to a separate function, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 33/67] qapi: Fix crash when 'any' or 'null' parameter is missing, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 29/67] qht: simplify qht_reset_size, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 31/67] char: fix missing return in error path for chardev TLS init,
Michael Roth <=
- [Qemu-devel] [PATCH 28/67] migrate: Fix cpu-throttle-increment regression in HMP, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 36/67] ppc/kvm: Mark 64kB page size support as disabled if not available, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 39/67] net: rtl8139: limit processing of ring descriptors, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 32/67] qmp: fix object-add assert() without props, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 35/67] rbd: shift byte count as a 64-bit value, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 34/67] tests/test-qmp-input-strict: Cover missing struct members, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 37/67] throttle: Correct access to wrong BlockBackendPublic structures, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 44/67] target-ppc: Fix CPU migration from qemu-2.6 <-> later versions, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 38/67] qemu-iotests: Test I/O in a single drive from a throttling group, Michael Roth, 2016/12/14
- [Qemu-devel] [PATCH 03/67] hw/ppc/spapr: Fix the selection of the processor features, Michael Roth, 2016/12/14