From 13421cbe0af4343f9d110600755ffa756690b282 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mon, 23 Feb 2009 15:43:31 -0500 Subject: Fixing serious memory allocation bug in sbus_message_handler. dbus_message_append_args() adds a reference to memory that is not copied to the outgoing message until dbus_connection_send() is called. Since we compile our reply messages in functions and then return the reply, we need a mechanism for deleting allocated memory after invoking dbus_connection_send. I have changed the arguments to sbus_msg_handler_fn so that it takes a talloc ctx containing the sbus_message_handler_ctx and a pointer to a reply object. We can now allocate memory as a child of the reply context and free it after calling dbus_connection_send.
---
server/sbus/sssd_dbus.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'server/sbus/sssd_dbus.h')
diff --git a/server/sbus/sssd_dbus.h b/server/sbus/sssd_dbus.h
index c75bbc937..bc65e3146 100644
--- a/server/sbus/sssd_dbus.h
+++ b/server/sbus/sssd_dbus.h
@@ -27,7 +27,8 @@ struct sbus_srv_ctx;
 #include "dbus/dbus.h"
-typedef int (*sbus_msg_handler_fn)(DBusMessage *, void *, DBusMessage **);
+struct sbus_message_ctx;
+typedef int (*sbus_msg_handler_fn)(DBusMessage *, struct sbus_message_ctx *);
 /*
 * sbus_conn_destructor_fn
@@ -71,6 +72,11 @@ struct sbus_message_handler_ctx {
 struct sbus_method_ctx *method_ctx;
 };
+struct sbus_message_ctx {
+ struct sbus_message_handler_ctx *mh_ctx;
+ DBusMessage *reply_message;
+};
+
 /* Server Functions */
 int sbus_new_server(TALLOC_CTX *mem_ctx, struct event_context *ev, struct sbus_method_ctx *ctx,
-- cgit
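Review bot: The new `sbus_msg_handler_fn` typedef in the first hunk and `struct sbus_message_ctx` in the second carry no comment stating the lifetime rule this commit relies on. The header therefore does not tell a handler author that memory passed to `dbus_message_append_args()` has to stay valid until the reply is sent, and should be allocated as a talloc child of the message context so the caller can free it afterwards. A handler that points the reply at a stack buffer or at memory it frees itself would reintroduce the dangling-reference problem the commit message describes. I would add above the typedef `/* Handlers set ctx->reply_message; memory referenced by the reply must be a talloc child of ctx and is freed by the caller after dbus_connection_send(). */`, and note on the struct who unrefs `reply_message`. The dispatcher is not part of this file section, so it cannot be seen here whether it copes with a handler that returns success but leaves `reply_message` NULL.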