From d47b031bc09b43fe2002fd5c737969b733b4789b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 12 Sep 2018 13:21:11 +0200
Subject: [PATCH 25/28] sbus: read destination after sender is set

dbus_message_set_sender may reallocate internal fields, which invalidates
pointers previously obtained from dbus_message_get_*.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 9245bf1afe6767a0412212bc0040e606ee850e7d)
---
 src/sbus/server/sbus_server_handler.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/sbus/server/sbus_server_handler.c b/src/sbus/server/sbus_server_handler.c
index c300d81e1272fdb3d042491680ba9b678e00fbb1..d4e454780a29e321b322dced4b4c0ec7110233ad 100644
--- a/src/sbus/server/sbus_server_handler.c
+++ b/src/sbus/server/sbus_server_handler.c
@@ -148,9 +148,6 @@ sbus_server_filter(DBusConnection *dbus_conn,
         return DBUS_HANDLER_RESULT_HANDLED;
     }

-    destination = dbus_message_get_destination(message);
-    type = dbus_message_get_type(message);
-
     conn = dbus_connection_get_data(dbus_conn, server->data_slot);
     if (conn == NULL) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Unknown connection!\n");
@@ -173,6 +170,11 @@ sbus_server_filter(DBusConnection *dbus_conn,
         return DBUS_HANDLER_RESULT_HANDLED;
     }

+    /* Set sender may reallocate internal fields so this needs to be read
+     * after we call dbus_message_set_sender(). */
+    destination = dbus_message_get_destination(message);
+    type = dbus_message_get_type(message);
+
     if (type == DBUS_MESSAGE_TYPE_SIGNAL) {
         return sbus_server_route_signal(server, conn, message, destination);
     }
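Review bot: The added comment above `destination = dbus_message_get_destination(message);` does not say which value is actually at risk. Only `destination` is a pointer into the message's own header storage; `type` is returned as a plain int and cannot be invalidated by a reallocation. I would word the comment as `/* destination points into the message header; dbus_message_set_sender() may reallocate that storage, so fetch it only after the sender is set and do not modify header fields while it is in use. */`. The body of sbus_server_filter starts and ends outside the hunk, so it is not visible whether other strings obtained from dbus_message_get_* earlier in the function are still used after the sender is set. Those would be worth checking for the same dangling-pointer read.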
--
2.14.4