[libsecret/wip/mcrha/flatpak-use-after-free-fix] secret-file-backend: Fix use-after-free in flatpak
- From: Milan Crha <mcrha src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libsecret/wip/mcrha/flatpak-use-after-free-fix] secret-file-backend: Fix use-after-free in flatpak
- Date: Thu, 19 Mar 2020 08:24:19 +0000 (UTC)
commit 523fe32b65f1561352986f186f3cd0eb4698a8b3
Author: Milan Crha <mcrha redhat com>
Date: Thu Mar 19 09:24:52 2020 +0100
secret-file-backend: Fix use-after-free in flatpak
The on_portal_retrieve_secret() can connect a GCancellable, but it
doesn't disconnect from it (only when the cancellable is cancelled),
which means when the cancellable is cancelled later, when the GTask
is gone, the callback is called with already freed data.
libsecret/secret-file-backend.c | 6 ++++++
1 file changed, 6 insertions(+)
---
diff --git a/libsecret/secret-file-backend.c b/libsecret/secret-file-backend.c
index e69c319..649ef0d 100644
--- a/libsecret/secret-file-backend.c
+++ b/libsecret/secret-file-backend.c
@@ -231,6 +231,11 @@ on_portal_response (GDBusConnection *connection,
InitClosure *init = g_task_get_task_data (task);
guint32 response;
+ if (init->cancellable_signal_id) {
+ g_cancellable_disconnect (g_task_get_cancellable (task), init->cancellable_signal_id);
+ init->cancellable_signal_id = 0;
+ }
+
g_dbus_connection_signal_unsubscribe (connection,
init->portal_signal_id);
@@ -303,6 +308,7 @@ on_portal_cancel (GCancellable *cancellable,
task);
g_cancellable_disconnect (cancellable, init->cancellable_signal_id);
+ init->cancellable_signal_id = 0;
}
static void
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
