|
 |
c2dfb7 |
From 6180d5ee908c9c742f816c6922c229aefd533117 Mon Sep 17 00:00:00 2001
|
|
|
c2dfb7 |
From: Lennart Poettering <lennart@poettering.net>
|
|
|
c2dfb7 |
Date: Thu, 17 Jan 2019 21:07:42 +0100
|
|
|
c2dfb7 |
Subject: [PATCH] sd-bus: always go through sd_bus_unref() to free messages
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
Don't try to be smart, don't bypass the ref counting logic if there's no
|
|
|
c2dfb7 |
real reason to.
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
This matters if we want to tweak the ref counting logic later.
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
(cherry picked from commit b41812d1e308de03c879cfca490105216d528c4b)
|
|
|
c2dfb7 |
Related: CVE-2020-1712
|
|
|
c2dfb7 |
---
|
|
|
c2dfb7 |
src/libsystemd/sd-bus/bus-message.c | 12 +++++-------
|
|
|
c2dfb7 |
1 file changed, 5 insertions(+), 7 deletions(-)
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
|
|
|
c2dfb7 |
index e9cdf46c91..306b6d6816 100644
|
|
|
c2dfb7 |
--- a/src/libsystemd/sd-bus/bus-message.c
|
|
|
c2dfb7 |
+++ b/src/libsystemd/sd-bus/bus-message.c
|
|
|
c2dfb7 |
@@ -138,8 +138,6 @@ static sd_bus_message* message_free(sd_bus_message *m) {
|
|
|
c2dfb7 |
return mfree(m);
|
|
|
c2dfb7 |
}
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
-DEFINE_TRIVIAL_CLEANUP_FUNC(sd_bus_message*, message_free);
|
|
|
c2dfb7 |
-
|
|
|
c2dfb7 |
static void *message_extend_fields(sd_bus_message *m, size_t align, size_t sz, bool add_offset) {
|
|
|
c2dfb7 |
void *op, *np;
|
|
|
c2dfb7 |
size_t old_size, new_size, start;
|
|
|
c2dfb7 |
@@ -531,7 +529,7 @@ int bus_message_from_malloc(
|
|
|
c2dfb7 |
const char *label,
|
|
|
c2dfb7 |
sd_bus_message **ret) {
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
- _cleanup_(message_freep) sd_bus_message *m = NULL;
|
|
|
c2dfb7 |
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
|
|
|
c2dfb7 |
size_t sz;
|
|
|
c2dfb7 |
int r;
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
@@ -651,7 +649,7 @@ _public_ int sd_bus_message_new_method_call(
|
|
|
c2dfb7 |
const char *interface,
|
|
|
c2dfb7 |
const char *member) {
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
- _cleanup_(message_freep) sd_bus_message *t = NULL;
|
|
|
c2dfb7 |
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *t = NULL;
|
|
|
c2dfb7 |
int r;
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
assert_return(bus, -ENOTCONN);
|
|
|
c2dfb7 |
@@ -696,7 +694,7 @@ static int message_new_reply(
|
|
|
c2dfb7 |
uint8_t type,
|
|
|
c2dfb7 |
sd_bus_message **m) {
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
- _cleanup_(message_freep) sd_bus_message *t = NULL;
|
|
|
c2dfb7 |
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *t = NULL;
|
|
|
c2dfb7 |
uint64_t cookie;
|
|
|
c2dfb7 |
int r;
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
@@ -747,7 +745,7 @@ _public_ int sd_bus_message_new_method_error(
|
|
|
c2dfb7 |
sd_bus_message **m,
|
|
|
c2dfb7 |
const sd_bus_error *e) {
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
- _cleanup_(message_freep) sd_bus_message *t = NULL;
|
|
|
c2dfb7 |
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *t = NULL;
|
|
|
c2dfb7 |
int r;
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
assert_return(sd_bus_error_is_set(e), -EINVAL);
|
|
|
c2dfb7 |
@@ -850,7 +848,7 @@ int bus_message_new_synthetic_error(
|
|
|
c2dfb7 |
const sd_bus_error *e,
|
|
|
c2dfb7 |
sd_bus_message **m) {
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
- _cleanup_(message_freep) sd_bus_message *t = NULL;
|
|
|
c2dfb7 |
+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *t = NULL;
|
|
|
c2dfb7 |
int r;
|
|
|
c2dfb7 |
|
|
|
c2dfb7 |
assert(bus);
|