'sess->authPath' is modified before locking the 'sess' object. Additionally on failure of 'virAuthGetConfigFilePathURI' 'sess' would be unlocked even when it was not yet locked. Fixes: 273745b43122a77adf8c73b2e0a852ac42387349 Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> --- src/rpc/virnetsshsession.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/rpc/virnetsshsession.c b/src/rpc/virnetsshsession.c index 8584a961d6..73e65d9371 100644 --- a/src/rpc/virnetsshsession.c +++ b/src/rpc/virnetsshsession.c @@ -970,15 +970,17 @@ virNetSSHSessionAuthAddPasswordAuth(virNetSSHSession *sess, { virNetSSHAuthMethod *auth; + virObjectLock(sess); + if (uri) { VIR_FREE(sess->authPath); - if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0) - goto error; + if (virAuthGetConfigFilePathURI(uri, &sess->authPath) < 0) { + virObjectUnlock(sess); + return -1; + } } - virObjectLock(sess); - if (!(auth = virNetSSHSessionAuthMethodNew(sess))) goto error; -- 2.38.1