b9a53a
From 6180d5ee908c9c742f816c6922c229aefd533117 Mon Sep 17 00:00:00 2001
4b8c80
From: Lennart Poettering <lennart@poettering.net>
4b8c80
Date: Thu, 17 Jan 2019 21:07:42 +0100
4b8c80
Subject: [PATCH] sd-bus: always go through sd_bus_unref() to free messages
4b8c80
4b8c80
Don't try to be smart, don't bypass the ref counting logic if there's no
4b8c80
real reason to.
4b8c80
4b8c80
This matters if we want to tweak the ref counting logic later.
4b8c80
4b8c80
(cherry picked from commit b41812d1e308de03c879cfca490105216d528c4b)
4b8c80
Related: CVE-2020-1712
4b8c80
---
4b8c80
 src/libsystemd/sd-bus/bus-message.c | 12 +++++-------
4b8c80
 1 file changed, 5 insertions(+), 7 deletions(-)
4b8c80
4b8c80
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
b9a53a
index e9cdf46c91..306b6d6816 100644
4b8c80
--- a/src/libsystemd/sd-bus/bus-message.c
4b8c80
+++ b/src/libsystemd/sd-bus/bus-message.c
4b8c80
@@ -138,8 +138,6 @@ static sd_bus_message* message_free(sd_bus_message *m) {
4b8c80
         return mfree(m);
4b8c80
 }
4b8c80
 
4b8c80
-DEFINE_TRIVIAL_CLEANUP_FUNC(sd_bus_message*, message_free);
4b8c80
-
4b8c80
 static void *message_extend_fields(sd_bus_message *m, size_t align, size_t sz, bool add_offset) {
4b8c80
         void *op, *np;
4b8c80
         size_t old_size, new_size, start;
4b8c80
@@ -531,7 +529,7 @@ int bus_message_from_malloc(
4b8c80
                 const char *label,
4b8c80
                 sd_bus_message **ret) {
4b8c80
 
4b8c80
-        _cleanup_(message_freep) sd_bus_message *m = NULL;
4b8c80
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL;
4b8c80
         size_t sz;
4b8c80
         int r;
4b8c80
 
4b8c80
@@ -651,7 +649,7 @@ _public_ int sd_bus_message_new_method_call(
4b8c80
                 const char *interface,
4b8c80
                 const char *member) {
4b8c80
 
4b8c80
-        _cleanup_(message_freep) sd_bus_message *t = NULL;
4b8c80
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *t = NULL;
4b8c80
         int r;
4b8c80
 
4b8c80
         assert_return(bus, -ENOTCONN);
4b8c80
@@ -696,7 +694,7 @@ static int message_new_reply(
4b8c80
                 uint8_t type,
4b8c80
                 sd_bus_message **m) {
4b8c80
 
4b8c80
-        _cleanup_(message_freep) sd_bus_message *t = NULL;
4b8c80
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *t = NULL;
4b8c80
         uint64_t cookie;
4b8c80
         int r;
4b8c80
 
4b8c80
@@ -747,7 +745,7 @@ _public_ int sd_bus_message_new_method_error(
4b8c80
                 sd_bus_message **m,
4b8c80
                 const sd_bus_error *e) {
4b8c80
 
4b8c80
-        _cleanup_(message_freep) sd_bus_message *t = NULL;
4b8c80
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *t = NULL;
4b8c80
         int r;
4b8c80
 
4b8c80
         assert_return(sd_bus_error_is_set(e), -EINVAL);
4b8c80
@@ -850,7 +848,7 @@ int bus_message_new_synthetic_error(
4b8c80
                 const sd_bus_error *e,
4b8c80
                 sd_bus_message **m) {
4b8c80
 
4b8c80
-        _cleanup_(message_freep) sd_bus_message *t = NULL;
4b8c80
+        _cleanup_(sd_bus_message_unrefp) sd_bus_message *t = NULL;
4b8c80
         int r;
4b8c80
 
4b8c80
         assert(bus);