summaryrefslogtreecommitdiff
path: root/server/polkit/sssd_polkit.c
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2009-02-23 15:43:31 -0500
committerSimo Sorce <idra@samba.org>2009-02-23 16:20:52 -0500
commit13421cbe0af4343f9d110600755ffa756690b282 (patch)
treefab749d3fd49148ec62d7d664c933fb40b36d9a9 /server/polkit/sssd_polkit.c
parentf8469b71247b5a41cfdf0f54c25ceda1552e0ee9 (diff)
downloadsssd-13421cbe0af4343f9d110600755ffa756690b282.tar.gz
sssd-13421cbe0af4343f9d110600755ffa756690b282.tar.bz2
sssd-13421cbe0af4343f9d110600755ffa756690b282.zip
Fixing serious memory allocation bug in sbus_message_handler.
dbus_message_append_args() adds a reference to memory that is not copied to the outgoing message until dbus_connection_send() is called. Since we compile our reply messages in functions and then return the reply, we need a mechanism for deleting allocated memory after invoking dbus_connection_send. I have changed the arguments to sbus_msg_handler_fn so that it takes a talloc ctx containing the sbus_message_handler_ctx and a pointer to a reply object. We can now allocate memory as a child of the reply context and free it after calling dbus_connection_send.
Diffstat (limited to 'server/polkit/sssd_polkit.c')
-rw-r--r--server/polkit/sssd_polkit.c20
1 files changed, 8 insertions, 12 deletions
diff --git a/server/polkit/sssd_polkit.c b/server/polkit/sssd_polkit.c
index 6c7d0e1e..9eda5373 100644
--- a/server/polkit/sssd_polkit.c
+++ b/server/polkit/sssd_polkit.c
@@ -35,17 +35,16 @@ struct spk_ctx {
struct sbus_srv_ctx *sbus_srv;
};
-static int service_identity(DBusMessage *message, void *data, DBusMessage **r)
+static int service_identity(DBusMessage *message, struct sbus_message_ctx *reply)
{
dbus_uint16_t version = POLKIT_VERSION;
const char *name = POLKIT_SERVICE_NAME;
- DBusMessage *reply;
dbus_bool_t ret;
DEBUG(4, ("Sending identity data [%s,%d]\n", name, version));
- reply = dbus_message_new_method_return(message);
- ret = dbus_message_append_args(reply,
+ reply->reply_message = dbus_message_new_method_return(message);
+ ret = dbus_message_append_args(reply->reply_message,
DBUS_TYPE_STRING, &name,
DBUS_TYPE_UINT16, &version,
DBUS_TYPE_INVALID);
@@ -53,33 +52,30 @@ static int service_identity(DBusMessage *message, void *data, DBusMessage **r)
return EIO;
}
- *r = reply;
return EOK;
}
-static int service_pong(DBusMessage *message, void *data, DBusMessage **r)
+static int service_pong(DBusMessage *message, struct sbus_message_ctx *reply)
{
- DBusMessage *reply;
dbus_bool_t ret;
- reply = dbus_message_new_method_return(message);
- ret = dbus_message_append_args(reply, DBUS_TYPE_INVALID);
+ reply->reply_message = dbus_message_new_method_return(message);
+ ret = dbus_message_append_args(reply->reply_message, DBUS_TYPE_INVALID);
if (!ret) {
return EIO;
}
- *r = reply;
return EOK;
}
-static int service_reload(DBusMessage *message, void *data, DBusMessage **r) {
+static int service_reload(DBusMessage *message, struct sbus_message_ctx *reply) {
/* Monitor calls this function when we need to reload
* our configuration information. Perform whatever steps
* are needed to update the configuration objects.
*/
/* Send an empty reply to acknowledge receipt */
- return service_pong(message, data, r);
+ return service_pong(message, reply);
}
struct sbus_method mon_sbus_methods[] = {