PolicyKit: Branch 'master'
Miloslav Trmac
mitr at kemper.freedesktop.org
Sat Mar 12 02:35:38 UTC 2016
src/polkitagent/polkitagentlistener.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
New commits:
commit 673ef80ed0079d8a4343fb2567b483be17c58969
Author: Stef Walter <stefw at redhat.com>
Date: Fri Mar 11 10:00:43 2016 +0100
polkitagent: Fix access after dereference on hashtable
If an authentication is going on while the agent listener is
going away, then we access memory that has been freed.
g_hash_table_lookup_node: assertion failed: (hash_table->ref_count > 0)'
https://bugs.freedesktop.org/show_bug.cgi?id=94486
diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c
index 80d1dc1..491e4b9 100644
--- a/src/polkitagent/polkitagentlistener.c
+++ b/src/polkitagent/polkitagentlistener.c
@@ -569,8 +569,8 @@ polkit_agent_register_listener (PolkitAgentListener *listener,
typedef struct
{
- Server *server;
gchar *cookie;
+ GHashTable *cookie_to_pending_auth;
GDBusMethodInvocation *invocation;
GCancellable *cancellable;
} AuthData;
@@ -581,6 +581,7 @@ auth_data_free (AuthData *data)
g_free (data->cookie);
g_object_unref (data->invocation);
g_object_unref (data->cancellable);
+ g_hash_table_unref (data->cookie_to_pending_auth);
g_free (data);
}
@@ -607,7 +608,7 @@ auth_cb (GObject *source_object,
g_dbus_method_invocation_return_value (data->invocation, NULL);
}
- g_hash_table_remove (data->server->cookie_to_pending_auth, data->cookie);
+ g_hash_table_remove (data->cookie_to_pending_auth, data->cookie);
auth_data_free (data);
}
@@ -668,7 +669,7 @@ auth_agent_handle_begin_authentication (Server *server,
identities = g_list_reverse (identities);
data = g_new0 (AuthData, 1);
- data->server = server;
+ data->cookie_to_pending_auth = g_hash_table_ref (server->cookie_to_pending_auth);
data->cookie = g_strdup (cookie);
data->invocation = g_object_ref (invocation);
data->cancellable = g_cancellable_new ();
More information about the hal-commit
mailing list