From 13421cbe0af4343f9d110600755ffa756690b282 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Mon, 23 Feb 2009 15:43:31 -0500
Subject: Fixing serious memory allocation bug in sbus_message_handler.
dbus_message_append_args() adds a reference to memory that is not copied to the outgoing message until dbus_connection_send() is called. Since we compile our reply messages in functions and then return the reply, we need a mechanism for deleting allocated memory after invoking dbus_connection_send. I have changed the arguments to sbus_msg_handler_fn so that it takes a talloc ctx containing the sbus_message_handler_ctx and a pointer to a reply object. We can now allocate memory as a child of the reply context and free it after calling dbus_connection_send.
---
server/monitor/monitor.c | 9 +++------
1 file changed, 3 insertions(+), 6 deletions(-)
(limited to 'server/monitor/monitor.c')
diff --git a/server/monitor/monitor.c b/server/monitor/monitor.c
index 166cf3cdd..45191a680 100644
--- a/server/monitor/monitor.c
+++ b/server/monitor/monitor.c
@@ -88,22 +88,19 @@ static void set_global_checker(struct mt_ctx *ctx);
 /* dbus_get_monitor_version
 * Return the monitor version over D-BUS */
 static int dbus_get_monitor_version(DBusMessage *message,
- void *data,
- DBusMessage **r)
+ struct sbus_message_ctx *reply)
 {
 const char *version = MONITOR_VERSION;
- DBusMessage *reply;
 dbus_bool_t ret;
- reply = dbus_message_new_method_return(message);
- ret = dbus_message_append_args(reply, DBUS_TYPE_STRING,
+ reply->reply_message = dbus_message_new_method_return(message);
+ ret = dbus_message_append_args(reply->reply_message, DBUS_TYPE_STRING,
 &version, DBUS_TYPE_INVALID);
 if (!ret) {
 return EIO;
 }
- *r = reply;
 return EOK;
 }
-- cgit
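Review bot: The result of `dbus_message_new_method_return(message)` is stored in `reply->reply_message` and handed straight to `dbus_message_append_args()` without a NULL check; libdbus returns NULL there when allocation fails, so an out-of-memory condition is reported as EIO (or trips libdbus's argument check) instead of being handled explicitly. A guard right after the assignment, `if (!reply->reply_message) return ENOMEM;`, would keep that failure distinct. On the `!ret` path the partially built message stays in `reply->reply_message`; whether the caller unrefs it on error is not visible in this hunk, so it is worth confirming that the handler releases it rather than sending or leaking it.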