commit 7ecf29a9db86f7161e2ff48e7bb8ea46a90f954f Author: Miloslav Trmač Date: Wed Feb 8 22:57:21 2017 +0100 Fix a memory leak in server_handle_authentication_agent_response{,2} Signed-off-by: Miloslav Trmač diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 2bcad62..cad3f74 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -1054,6 +1054,7 @@ server_handle_authentication_agent_response (Server *server, g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); out: + g_variant_unref (identity_gvariant); if (identity != NULL) g_object_unref (identity); } @@ -1104,6 +1105,7 @@ server_handle_authentication_agent_response2 (Server *server, g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); out: + g_variant_unref (identity_gvariant); if (identity != NULL) g_object_unref (identity); } commit d9efd2673d73214e7990e3e67cdddfa77c6a8226 Author: Miloslav Trmač Date: Wed Feb 8 22:55:10 2017 +0100 Fix a memory leak in server_handle_unregister_authentication_agent Signed-off-by: Miloslav Trmač diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c index 7e08e57..2bcad62 100644 --- a/src/polkitbackend/polkitbackendauthority.c +++ b/src/polkitbackend/polkitbackendauthority.c @@ -1003,6 +1003,7 @@ server_handle_unregister_authentication_agent (Server *server, g_dbus_method_invocation_return_value (invocation, g_variant_new ("()")); out: + g_variant_unref (subject_gvariant); if (subject != NULL) g_object_unref (subject); } commit af4566e1a7e9031b9a05f49c7d27bf379d822016 Author: Miloslav Trmač Date: Thu Feb 9 19:53:54 2017 +0100 Fix a memory leak per agent authentication Signed-off-by: Miloslav Trmač diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index bf0ee48..b8096b3 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -1906,15 +1906,15 @@ authentication_agent_begin_cb (GDBusProxy *proxy, AuthenticationSession *session = user_data; gboolean gained_authorization; gboolean was_dismissed; + GVariant *result; GError *error; was_dismissed = FALSE; gained_authorization = FALSE; error = NULL; - if (!g_dbus_proxy_call_finish (proxy, - res, - &error)) + result = g_dbus_proxy_call_finish (proxy, res, &error); + if (result == NULL) { g_printerr ("Error performing authentication: %s (%s %d)\n", error->message, @@ -1926,6 +1926,7 @@ authentication_agent_begin_cb (GDBusProxy *proxy, } else { + g_variant_unref (result); gained_authorization = session->is_authenticated; g_debug ("Authentication complete, is_authenticated = %d", session->is_authenticated); } From 673ef80ed0079d8a4343fb2567b483be17c58969 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Fri, 11 Mar 2016 10:00:43 +0100 Subject: [PATCH 15/29] polkitagent: Fix access after dereference on hashtable If an authentication is going on while the agent listener is going away, then we access memory that has been freed. g_hash_table_lookup_node: assertion failed: (hash_table->ref_count > 0)' https://bugs.freedesktop.org/show_bug.cgi?id=94486 --- src/polkitagent/polkitagentlistener.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 80d1dc1..491e4b9 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -569,8 +569,8 @@ polkit_agent_register_listener (PolkitAgentListener *listener, typedef struct { - Server *server; gchar *cookie; + GHashTable *cookie_to_pending_auth; GDBusMethodInvocation *invocation; GCancellable *cancellable; } AuthData; @@ -581,6 +581,7 @@ auth_data_free (AuthData *data) g_free (data->cookie); g_object_unref (data->invocation); g_object_unref (data->cancellable); + g_hash_table_unref (data->cookie_to_pending_auth); g_free (data); } @@ -607,7 +608,7 @@ auth_cb (GObject *source_object, g_dbus_method_invocation_return_value (data->invocation, NULL); } - g_hash_table_remove (data->server->cookie_to_pending_auth, data->cookie); + g_hash_table_remove (data->cookie_to_pending_auth, data->cookie); auth_data_free (data); } @@ -668,7 +669,7 @@ auth_agent_handle_begin_authentication (Server *server, identities = g_list_reverse (identities); data = g_new0 (AuthData, 1); - data->server = server; + data->cookie_to_pending_auth = g_hash_table_ref (server->cookie_to_pending_auth); data->cookie = g_strdup (cookie); data->invocation = g_object_ref (invocation); data->cancellable = g_cancellable_new (); -- 2.12.1 From f529fa4ac03f491678c7520d7a2d1c05491feab1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Sat, 12 Mar 2016 03:40:20 +0100 Subject: [PATCH 16/29] Fix a memory leak of PolkitAgentListener's Server object https://bugs.freedesktop.org/show_bug.cgi?id=94506 --- src/polkitagent/polkitagentlistener.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 491e4b9..4704b03 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -129,6 +129,8 @@ server_free (Server *server) g_object_unref (server->subject); g_free (server->object_path); + + g_free (server); } static gboolean -- 2.12.1