[systemd-devel] [PATCH 1/5] [use after free] Avoid using m->kdbus after freeing it.
philippedeswert at gmail.com
philippedeswert at gmail.com
Wed Sep 10 02:20:38 PDT 2014
From: Philippe De Swert <philippedeswert at gmail.com>
m->kdbus could be freed before it is released. Changing the
order fixes the issue.
Found with Coverity. Fixes: CID#1237798
Signed-off-by: Philippe De Swert <philippedeswert at gmail.com>
---
src/libsystemd/sd-bus/bus-message.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
index d00455a..bfb14fc 100644
--- a/src/libsystemd/sd-bus/bus-message.c
+++ b/src/libsystemd/sd-bus/bus-message.c
@@ -127,9 +127,6 @@ static void message_free(sd_bus_message *m) {
message_reset_parts(m);
- if (m->free_kdbus)
- free(m->kdbus);
-
if (m->release_kdbus) {
uint64_t off;
@@ -137,6 +134,9 @@ static void message_free(sd_bus_message *m) {
ioctl(m->bus->input_fd, KDBUS_CMD_FREE, &off);
}
+ if (m->free_kdbus)
+ free(m->kdbus);
+
sd_bus_unref(m->bus);
if (m->free_fds) {
--
1.8.3.2
More information about the systemd-devel
mailing list