summaryrefslogtreecommitdiff
path: root/server/nss/nsssrv.c
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2009-02-23 15:43:31 -0500
committerSimo Sorce <idra@samba.org>2009-02-23 16:20:52 -0500
commit13421cbe0af4343f9d110600755ffa756690b282 (patch)
treefab749d3fd49148ec62d7d664c933fb40b36d9a9 /server/nss/nsssrv.c
parentf8469b71247b5a41cfdf0f54c25ceda1552e0ee9 (diff)
downloadsssd-13421cbe0af4343f9d110600755ffa756690b282.tar.gz
sssd-13421cbe0af4343f9d110600755ffa756690b282.tar.bz2
sssd-13421cbe0af4343f9d110600755ffa756690b282.zip
Fixing serious memory allocation bug in sbus_message_handler.
dbus_message_append_args() adds a reference to memory that is not copied to the outgoing message until dbus_connection_send() is called. Since we compile our reply messages in functions and then return the reply, we need a mechanism for deleting allocated memory after invoking dbus_connection_send. I have changed the arguments to sbus_msg_handler_fn so that it takes a talloc ctx containing the sbus_message_handler_ctx and a pointer to a reply object. We can now allocate memory as a child of the reply context and free it after calling dbus_connection_send.
Diffstat (limited to 'server/nss/nsssrv.c')
-rw-r--r--server/nss/nsssrv.c28
1 files changed, 12 insertions, 16 deletions
diff --git a/server/nss/nsssrv.c b/server/nss/nsssrv.c
index b6191cce..0909f629 100644
--- a/server/nss/nsssrv.c
+++ b/server/nss/nsssrv.c
@@ -44,9 +44,9 @@
#define SSS_NSS_PIPE_NAME "nss"
-static int service_identity(DBusMessage *message, void *data, DBusMessage **r);
-static int service_pong(DBusMessage *message, void *data, DBusMessage **r);
-static int service_reload(DBusMessage *message, void *data, DBusMessage **r);
+static int service_identity(DBusMessage *message, struct sbus_message_ctx *reply);
+static int service_pong(DBusMessage *message, struct sbus_message_ctx *reply);
+static int service_reload(DBusMessage *message, struct sbus_message_ctx *reply);
static int nss_init_domains(struct nss_ctx *nctx);
static int _domain_comparator(const void *key1, const void *key2);
@@ -227,18 +227,17 @@ static void accept_fd_handler(struct event_context *ev,
return;
}
-static int service_identity(DBusMessage *message, void *data, DBusMessage **r)
+static int service_identity(DBusMessage *message, struct sbus_message_ctx *reply)
{
dbus_uint16_t version = NSS_SBUS_SERVICE_VERSION;
- const char *name = NSS_SBUS_SERVICE_NAME;
- DBusMessage *reply;
+ const char *name = NSS_SBUS_SERVICE_NAME;\
dbus_bool_t ret;
DEBUG(4,("Sending ID reply: (%s,%d)\n",
name, version));
- reply = dbus_message_new_method_return(message);
- ret = dbus_message_append_args(reply,
+ reply->reply_message = dbus_message_new_method_return(message);
+ ret = dbus_message_append_args(reply->reply_message,
DBUS_TYPE_STRING, &name,
DBUS_TYPE_UINT16, &version,
DBUS_TYPE_INVALID);
@@ -246,33 +245,30 @@ static int service_identity(DBusMessage *message, void *data, DBusMessage **r)
return EIO;
}
- *r = reply;
return EOK;
}
-static int service_pong(DBusMessage *message, void *data, DBusMessage **r)
+static int service_pong(DBusMessage *message, struct sbus_message_ctx *reply)
{
- DBusMessage *reply;
dbus_bool_t ret;
- reply = dbus_message_new_method_return(message);
- ret = dbus_message_append_args(reply, DBUS_TYPE_INVALID);
+ reply->reply_message = dbus_message_new_method_return(message);
+ ret = dbus_message_append_args(reply->reply_message, DBUS_TYPE_INVALID);
if (!ret) {
return EIO;
}
- *r = reply;
return EOK;
}
-static int service_reload(DBusMessage *message, void *data, DBusMessage **r) {
+static int service_reload(DBusMessage *message, struct sbus_message_ctx *reply) {
/* Monitor calls this function when we need to reload
* our configuration information. Perform whatever steps
* are needed to update the configuration objects.
*/
/* Send an empty reply to acknowledge receipt */
- return service_pong(message, data, r);
+ return service_pong(message, reply);
}
static int nss_sbus_init(struct nss_ctx *nctx)