diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2009-02-23 15:43:31 -0500 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2009-02-23 16:20:52 -0500 |
commit | 13421cbe0af4343f9d110600755ffa756690b282 (patch) | |
tree | fab749d3fd49148ec62d7d664c933fb40b36d9a9 /server/polkit/sssd_polkit.c | |
parent | f8469b71247b5a41cfdf0f54c25ceda1552e0ee9 (diff) | |
download | sssd-13421cbe0af4343f9d110600755ffa756690b282.tar.gz sssd-13421cbe0af4343f9d110600755ffa756690b282.tar.bz2 sssd-13421cbe0af4343f9d110600755ffa756690b282.zip |
Fixing serious memory allocation bug in sbus_message_handler.
dbus_message_append_args() adds a reference to memory that is not
copied to the outgoing message until dbus_connection_send() is
called. Since we compile our reply messages in functions and then
return the reply, we need a mechanism for deleting allocated
memory after invoking dbus_connection_send. I have changed the
arguments to sbus_msg_handler_fn so that it takes a talloc ctx
containing the sbus_message_handler_ctx and a pointer to a reply
object. We can now allocate memory as a child of the reply context
and free it after calling dbus_connection_send.
Diffstat (limited to 'server/polkit/sssd_polkit.c')
-rw-r--r-- | server/polkit/sssd_polkit.c | 20 |
1 files changed, 8 insertions, 12 deletions
diff --git a/server/polkit/sssd_polkit.c b/server/polkit/sssd_polkit.c index 6c7d0e1e..9eda5373 100644 --- a/server/polkit/sssd_polkit.c +++ b/server/polkit/sssd_polkit.c @@ -35,17 +35,16 @@ struct spk_ctx { struct sbus_srv_ctx *sbus_srv; }; -static int service_identity(DBusMessage *message, void *data, DBusMessage **r) +static int service_identity(DBusMessage *message, struct sbus_message_ctx *reply) { dbus_uint16_t version = POLKIT_VERSION; const char *name = POLKIT_SERVICE_NAME; - DBusMessage *reply; dbus_bool_t ret; DEBUG(4, ("Sending identity data [%s,%d]\n", name, version)); - reply = dbus_message_new_method_return(message); - ret = dbus_message_append_args(reply, + reply->reply_message = dbus_message_new_method_return(message); + ret = dbus_message_append_args(reply->reply_message, DBUS_TYPE_STRING, &name, DBUS_TYPE_UINT16, &version, DBUS_TYPE_INVALID); @@ -53,33 +52,30 @@ static int service_identity(DBusMessage *message, void *data, DBusMessage **r) return EIO; } - *r = reply; return EOK; } -static int service_pong(DBusMessage *message, void *data, DBusMessage **r) +static int service_pong(DBusMessage *message, struct sbus_message_ctx *reply) { - DBusMessage *reply; dbus_bool_t ret; - reply = dbus_message_new_method_return(message); - ret = dbus_message_append_args(reply, DBUS_TYPE_INVALID); + reply->reply_message = dbus_message_new_method_return(message); + ret = dbus_message_append_args(reply->reply_message, DBUS_TYPE_INVALID); if (!ret) { return EIO; } - *r = reply; return EOK; } -static int service_reload(DBusMessage *message, void *data, DBusMessage **r) { +static int service_reload(DBusMessage *message, struct sbus_message_ctx *reply) { /* Monitor calls this function when we need to reload * our configuration information. Perform whatever steps * are needed to update the configuration objects. */ /* Send an empty reply to acknowledge receipt */ - return service_pong(message, data, r); + return service_pong(message, reply); } struct sbus_method mon_sbus_methods[] = { |