fix double-free handling VPN data in nm-applet (rh #1541565)
Also: fix certificate chooser for no available modules (bgo #785674)
This commit is contained in:
		
							parent
							
								
									d6f6981153
								
							
						
					
					
						commit
						0dca25c6fa
					
				
							
								
								
									
										137
									
								
								0002-fix-vpn-get-data-crash-rh1541565.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										137
									
								
								0002-fix-vpn-get-data-crash-rh1541565.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,137 @@ | |||||||
|  | From 46f99b295e59f44dfde50ec90e7c09627d32431e Mon Sep 17 00:00:00 2001 | ||||||
|  | From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> | ||||||
|  | Date: Wed, 20 Dec 2017 13:23:12 +0100 | ||||||
|  | Subject: [PATCH 1/2] shared/compat: fix memory handling of | ||||||
|  |  nm_setting_vpn_get_*_keys | ||||||
|  | 
 | ||||||
|  | The compat implementations return a (transfer none) strv instead of a | ||||||
|  | (transfer container) one. This has caused double frees in nm-applet: | ||||||
|  | https://bugs.archlinux.org/task/56772 | ||||||
|  | 
 | ||||||
|  | Don't copy the keys and don't free the container later. | ||||||
|  | 
 | ||||||
|  | [thaller@redhat.com: patch adjusted to avoid compiler warning] | ||||||
|  | 
 | ||||||
|  | Patch imported from NetworkManager commit 8ac8c01162235c2c198bfaf25fb7d1a57a595ce5. | ||||||
|  | 
 | ||||||
|  | Fixes: e93ca7fc129ec0f29f5313a3aa12839914df8fa2 | ||||||
|  | (cherry picked from commit 0c90e08f77b71d2bda699cf032fceec0122bbf82) | ||||||
|  | ---
 | ||||||
|  |  shared/nm-utils/nm-compat.c | 10 +--------- | ||||||
|  |  1 file changed, 1 insertion(+), 9 deletions(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/shared/nm-utils/nm-compat.c b/shared/nm-utils/nm-compat.c
 | ||||||
|  | index 22ab675d..47035e62 100644
 | ||||||
|  | --- a/shared/nm-utils/nm-compat.c
 | ||||||
|  | +++ b/shared/nm-utils/nm-compat.c
 | ||||||
|  | @@ -30,7 +30,7 @@ _get_keys_cb (const char *key, const char *val, gpointer user_data)
 | ||||||
|  |  { | ||||||
|  |  	GPtrArray *a = user_data; | ||||||
|  |   | ||||||
|  | -	g_ptr_array_add (a, g_strdup (key));
 | ||||||
|  | +	g_ptr_array_add (a, (gpointer) key);
 | ||||||
|  |  } | ||||||
|  |   | ||||||
|  |  static const char ** | ||||||
|  | @@ -55,14 +55,6 @@ _get_keys (NMSettingVpn *setting,
 | ||||||
|  |  		g_ptr_array_sort (a, nm_strcmp_p); | ||||||
|  |  		g_ptr_array_add (a, NULL); | ||||||
|  |  		keys = (const char **) g_ptr_array_free (g_steal_pointer (&a), FALSE); | ||||||
|  | -
 | ||||||
|  | -		/* we need to cache the keys *somewhere*. */
 | ||||||
|  | -		g_object_set_qdata_full (G_OBJECT (setting),
 | ||||||
|  | -		                         is_secrets
 | ||||||
|  | -		                         ? NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_secret_keys")
 | ||||||
|  | -		                         : NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_data_keys"),
 | ||||||
|  | -		                         keys,
 | ||||||
|  | -		                         (GDestroyNotify) g_strfreev);
 | ||||||
|  |  	} | ||||||
|  |   | ||||||
|  |  	NM_SET_OUT (out_length, len); | ||||||
|  | -- 
 | ||||||
|  | 2.14.3 | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | From 0d13a8b4064c83146714ecee86b69042aca35f9e Mon Sep 17 00:00:00 2001 | ||||||
|  | From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> | ||||||
|  | Date: Thu, 21 Dec 2017 20:36:48 +0100 | ||||||
|  | Subject: [PATCH 2/2] shared/compat: fix memory handling of | ||||||
|  |  nm_setting_vpn_get_*_keys() | ||||||
|  | 
 | ||||||
|  | The previous fix was bad because the keys do not come from NMSettingVpn's hash | ||||||
|  | table but are copies that are freed by nm_setting_vpn_foreach_* before | ||||||
|  | it returns. | ||||||
|  | 
 | ||||||
|  | [thaller@redhat.com: import shared code from NetworkManager, merging | ||||||
|  | three patches together.] | ||||||
|  | 
 | ||||||
|  | Fixes: e93ca7fc129ec0f29f5313a3aa12839914df8fa2 | ||||||
|  | Fixes: 0c90e08f77b71d2bda699cf032fceec0122bbf82 | ||||||
|  | 
 | ||||||
|  | https://mail.gnome.org/archives/networkmanager-list/2017-December/msg00069.html | ||||||
|  | https://mail.gnome.org/archives/networkmanager-list/2017-December/msg00070.html | ||||||
|  | (cherry picked from commit a52ccb2fe170558fc0aab4dd1d15ba8808b10951) | ||||||
|  | ---
 | ||||||
|  |  shared/nm-utils/nm-compat.c | 29 ++++++++++++++++++++++------- | ||||||
|  |  1 file changed, 22 insertions(+), 7 deletions(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/shared/nm-utils/nm-compat.c b/shared/nm-utils/nm-compat.c
 | ||||||
|  | index 47035e62..90328c06 100644
 | ||||||
|  | --- a/shared/nm-utils/nm-compat.c
 | ||||||
|  | +++ b/shared/nm-utils/nm-compat.c
 | ||||||
|  | @@ -30,7 +30,7 @@ _get_keys_cb (const char *key, const char *val, gpointer user_data)
 | ||||||
|  |  { | ||||||
|  |  	GPtrArray *a = user_data; | ||||||
|  |   | ||||||
|  | -	g_ptr_array_add (a, (gpointer) key);
 | ||||||
|  | +	g_ptr_array_add (a, g_strdup (key));
 | ||||||
|  |  } | ||||||
|  |   | ||||||
|  |  static const char ** | ||||||
|  | @@ -40,22 +40,37 @@ _get_keys (NMSettingVpn *setting,
 | ||||||
|  |  { | ||||||
|  |  	guint len; | ||||||
|  |  	const char **keys = NULL; | ||||||
|  | -	gs_unref_ptrarray GPtrArray *a = NULL;
 | ||||||
|  | +	GPtrArray *a;
 | ||||||
|  |   | ||||||
|  |  	nm_assert (NM_IS_SETTING_VPN (setting)); | ||||||
|  |   | ||||||
|  | -	a = g_ptr_array_new ();
 | ||||||
|  | +	if (is_secrets)
 | ||||||
|  | +		len = nm_setting_vpn_get_num_secrets (setting);
 | ||||||
|  | +	else
 | ||||||
|  | +		len = nm_setting_vpn_get_num_data_items (setting);
 | ||||||
|  | +
 | ||||||
|  | +	a = g_ptr_array_sized_new (len + 1);
 | ||||||
|  | +
 | ||||||
|  |  	if (is_secrets) | ||||||
|  |  		nm_setting_vpn_foreach_secret (setting, _get_keys_cb, a); | ||||||
|  |  	else | ||||||
|  |  		nm_setting_vpn_foreach_data_item (setting, _get_keys_cb, a); | ||||||
|  | -	len = a->len;
 | ||||||
|  |   | ||||||
|  | -	if (a->len) {
 | ||||||
|  | +	len = a->len;
 | ||||||
|  | +	if (len) {
 | ||||||
|  |  		g_ptr_array_sort (a, nm_strcmp_p); | ||||||
|  |  		g_ptr_array_add (a, NULL); | ||||||
|  | -		keys = (const char **) g_ptr_array_free (g_steal_pointer (&a), FALSE);
 | ||||||
|  | -	}
 | ||||||
|  | +		keys = g_memdup (a->pdata, a->len * sizeof (gpointer));
 | ||||||
|  | +
 | ||||||
|  | +		/* we need to cache the keys *somewhere*. */
 | ||||||
|  | +		g_object_set_qdata_full (G_OBJECT (setting),
 | ||||||
|  | +		                         is_secrets
 | ||||||
|  | +		                         ? NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_secret_keys")
 | ||||||
|  | +		                         : NM_CACHED_QUARK ("libnm._nm_setting_vpn_get_data_keys"),
 | ||||||
|  | +		                         g_ptr_array_free (a, FALSE),
 | ||||||
|  | +		                         (GDestroyNotify) g_strfreev);
 | ||||||
|  | +	} else
 | ||||||
|  | +		g_ptr_array_free (a, TRUE);
 | ||||||
|  |   | ||||||
|  |  	NM_SET_OUT (out_length, len); | ||||||
|  |  	return keys; | ||||||
|  | -- 
 | ||||||
|  | 2.14.3 | ||||||
|  | 
 | ||||||
							
								
								
									
										38
									
								
								0003-fix-cert-chooser-for-no-modules-bgo785674.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										38
									
								
								0003-fix-cert-chooser-for-no-modules-bgo785674.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,38 @@ | |||||||
|  | From 4d2523b482ab78134dafc02c9b99bd15f1a9174a Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Ben Wiederhake <BenWiederhake.GitHub@gmx.de> | ||||||
|  | Date: Sun, 14 Jan 2018 23:28:15 +0100 | ||||||
|  | Subject: [PATCH 1/1] libnma/cert-chooser: handle case of no avalable modules | ||||||
|  | 
 | ||||||
|  | Cause: Apparently it's perfectly okay if the list of modules is empty | ||||||
|  | (e.g., NULL).  However, the code assume that this indicates an error, | ||||||
|  | tries to print the NULL error, and crashes. | ||||||
|  | 
 | ||||||
|  | [lkundrak@v3.sk: cosmetic changes] | ||||||
|  | 
 | ||||||
|  | https://bugzilla.gnome.org/show_bug.cgi?id=785674 | ||||||
|  | (cherry picked from commit a37483c1a364ef3cc1cfa29e7ad51ca108d75674) | ||||||
|  | ---
 | ||||||
|  |  src/libnma/nma-cert-chooser-button.c | 6 +++--- | ||||||
|  |  1 file changed, 3 insertions(+), 3 deletions(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/src/libnma/nma-cert-chooser-button.c b/src/libnma/nma-cert-chooser-button.c
 | ||||||
|  | index c7089390..00651765 100644
 | ||||||
|  | --- a/src/libnma/nma-cert-chooser-button.c
 | ||||||
|  | +++ b/src/libnma/nma-cert-chooser-button.c
 | ||||||
|  | @@ -93,10 +93,10 @@ modules_initialized (GObject *object, GAsyncResult *res, gpointer user_data)
 | ||||||
|  |  	gchar *label; | ||||||
|  |   | ||||||
|  |  	modules = gck_modules_initialize_registered_finish (res, &error); | ||||||
|  | -	if (!modules) {
 | ||||||
|  | +	if (error) {
 | ||||||
|  |  		/* The Front Fell Off. */ | ||||||
|  | -		g_critical ("Error getting registered modules: %s", error->message);
 | ||||||
|  | -		g_error_free (error);
 | ||||||
|  | +		g_warning ("Error getting registered modules: %s", error->message);
 | ||||||
|  | +		g_clear_error (&error);
 | ||||||
|  |  	} | ||||||
|  |   | ||||||
|  |  	model = GTK_LIST_STORE (gtk_combo_box_get_model (GTK_COMBO_BOX (self))); | ||||||
|  | -- 
 | ||||||
|  | 2.14.3 | ||||||
|  | 
 | ||||||
| @ -5,7 +5,7 @@ | |||||||
| 
 | 
 | ||||||
| %global rpm_version 1.8.10 | %global rpm_version 1.8.10 | ||||||
| %global real_version 1.8.10 | %global real_version 1.8.10 | ||||||
| %global release_version 1 | %global release_version 2 | ||||||
| 
 | 
 | ||||||
| %global real_version_major %(printf '%s' '%{real_version}' | sed -n 's/^\\([1-9][0-9]*\\.[1-9][0-9]*\\)\\.[1-9][0-9]*$/\\1/p') | %global real_version_major %(printf '%s' '%{real_version}' | sed -n 's/^\\([1-9][0-9]*\\.[1-9][0-9]*\\)\\.[1-9][0-9]*$/\\1/p') | ||||||
| 
 | 
 | ||||||
| @ -18,7 +18,7 @@ | |||||||
| Name: network-manager-applet | Name: network-manager-applet | ||||||
| Summary: A network control and status applet for NetworkManager | Summary: A network control and status applet for NetworkManager | ||||||
| Version: %{rpm_version} | Version: %{rpm_version} | ||||||
| Release: %{release_version}%{?dist}.2 | Release: %{release_version}%{?dist} | ||||||
| Group: Applications/System | Group: Applications/System | ||||||
| License: GPLv2+ | License: GPLv2+ | ||||||
| URL: http://www.gnome.org/projects/NetworkManager/ | URL: http://www.gnome.org/projects/NetworkManager/ | ||||||
| @ -26,6 +26,8 @@ Obsoletes: NetworkManager-gnome < %{obsoletes_ver} | |||||||
| 
 | 
 | ||||||
| Source: https://download.gnome.org/sources/network-manager-applet/%{real_version_major}/%{name}-%{real_version}.tar.xz | Source: https://download.gnome.org/sources/network-manager-applet/%{real_version_major}/%{name}-%{real_version}.tar.xz | ||||||
| Patch1: 0001-nm-applet-no-notifications.patch | Patch1: 0001-nm-applet-no-notifications.patch | ||||||
|  | Patch2: 0002-fix-vpn-get-data-crash-rh1541565.patch | ||||||
|  | Patch3: 0003-fix-cert-chooser-for-no-modules-bgo785674.patch | ||||||
| 
 | 
 | ||||||
| Requires: NetworkManager >= %{nm_version} | Requires: NetworkManager >= %{nm_version} | ||||||
| Requires: libnotify >= 0.4.3 | Requires: libnotify >= 0.4.3 | ||||||
| @ -126,6 +128,8 @@ This package deprecates libnm-gtk. | |||||||
| %prep | %prep | ||||||
| %setup -q -n "%{name}-%{real_version}" | %setup -q -n "%{name}-%{real_version}" | ||||||
| %patch1 -p1 | %patch1 -p1 | ||||||
|  | %patch2 -p1 | ||||||
|  | %patch3 -p1 | ||||||
| 
 | 
 | ||||||
| %build | %build | ||||||
| %meson \ | %meson \ | ||||||
| @ -216,6 +220,10 @@ desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/applications/nm-connection-edit | |||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Sun Feb  4 2018 Thomas Haller <thaller@redhat.com> - 1.8.10-2 | ||||||
|  | - fix double-free handling VPN data in nm-applet (rh #1541565) | ||||||
|  | - fix certificate chooser for no available modules (bgo #785674) | ||||||
|  | 
 | ||||||
| * Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.10-1.2 | * Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.10-1.2 | ||||||
| - Switch to %%ldconfig_scriptlets | - Switch to %%ldconfig_scriptlets | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user