virNetSSHSessionAuthAddPasswordAuth: Don't access unlocked 'sess'

'sess->authPath' is modified before locking the 'sess' object.
Additionally on failure of 'virAuthGetConfigFilePathURI' 'sess' would be
unlocked even when it was not yet locked.

Fixes: 273745b43122a77adf8c73b2e0a852ac42387349
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c
index 8584a961d66c005564c4b97eeaf8ca698d8aafdf..73e65d93711162291404519baac41800742507f2 100644 (file)
--- a/src/rpc/virnetsshsession.c
+++ b/src/rpc/virnetsshsession.c
@@ -970,15 +970,17 @@ virNetSSHSessionAuthAddPasswordAuth(virNetSSHSession *sess,
 {
     virNetSSHAuthMethod *auth;
 
+    virObjectLock(sess);
+
     if (uri) {
         VIR_FREE(sess->authPath);
 
-        if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0)
-            goto error;
+        if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0) {
+            virObjectUnlock(sess);
+            return -1;
+        }
     }
 
-    virObjectLock(sess);
-
     if (!(auth = virNetSSHSessionAuthMethodNew(sess)))
         goto error;