diff options
author | Shinwoo Kim <cinoo.kim@samsung.com> | 2017-07-31 15:50:48 +0900 |
---|---|---|
committer | Carsten Haitzler (Rasterman) <raster@rasterman.com> | 2017-07-31 15:53:58 +0900 |
commit | a238272f0067f3664dfc0178baecea57a234b15c (patch) | |
tree | ba760ed7314c275ce7332a96bde4b1927fb11f0c | |
parent | ca625aa323fcf3c40a660cf693fd30d1d737f13a (diff) | |
download | efl-a238272f0067f3664dfc0178baecea57a234b15c.tar.gz |
eldbus: check message serial before using
Summary:
Whatever the dbus_connection_send_with_reply returns, the serial value
should be checked, because if the seral value is invalid a process could be aborted.
There is backtrace as below.
The dbus_connection_send_with_reply could return TRUE
even though it has a problem. Please refer to following comment:
/* Refuse to send fds on a connection that cannot handle
them. Unfortunately we cannot return a proper error here, so
the best we can do is return TRUE but leave *pending_return
as NULL. */
Test Plan:
There is not a exact reproduce step. If the Tizen login manager is relaunched
repeatedly, then the dbus and other service processes are relaunched.
If a service process tries to use dbus when the dbus has problem as above,
then it could be possilbe to get above backtrace.
Reviewers: raster, zehortigoza
Subscribers: cedric, jpeg
Differential Revision: https://phab.enlightenment.org/D5053
@fix
-rw-r--r-- | src/lib/eldbus/eldbus_pending.c | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/src/lib/eldbus/eldbus_pending.c b/src/lib/eldbus/eldbus_pending.c index 69ea322fc7..ecf65db100 100644 --- a/src/lib/eldbus/eldbus_pending.c +++ b/src/lib/eldbus/eldbus_pending.c @@ -113,6 +113,20 @@ eldbus_connection_send(Eldbus_Connection *conn, Eldbus_Message *msg, Eldbus_Mess return pending; } +Eldbus_Message * +_eldbus_message_error_get(const Eldbus_Message *msg, const char *error_name, const char *error_msg) +{ + int32_t serial; + + serial = dbus_message_get_serial(msg->dbus_msg); + if (serial == 0) + { + return NULL; + } + + return eldbus_message_error_new(msg, error_name, error_msg); +} + /* * On success @param msg is unref'd or its ref is stolen by the returned * Eldbus_Pending. @@ -152,15 +166,15 @@ _eldbus_connection_send(Eldbus_Connection *conn, Eldbus_Message *msg, Eldbus_Mes msg->dbus_msg, &pending->dbus_pending, timeout)) { - error_msg = eldbus_message_error_new(msg, "org.enlightenment.DBus.NoConnection", - "Eldbus_Connection was closed."); + error_msg = _eldbus_message_error_get(msg, "org.enlightenment.DBus.NoConnection", + "Eldbus_Connection was closed."); eldbus_pending_dispatch(pending, error_msg); return NULL; } if (!pending->dbus_pending) { - error_msg = eldbus_message_error_new(msg, "org.enlightenment.DBus.Error", - "dbus_pending is NULL."); + error_msg = _eldbus_message_error_get(msg, "org.enlightenment.DBus.Error", + "dbus_pending is NULL."); eldbus_pending_dispatch(pending, error_msg); return NULL; } @@ -168,9 +182,9 @@ _eldbus_connection_send(Eldbus_Connection *conn, Eldbus_Message *msg, Eldbus_Mes return pending; dbus_pending_call_cancel(pending->dbus_pending); - error_msg = eldbus_message_error_new(pending->msg_sent, - "org.enlightenment.DBus.Error", - "Error when try set callback to message."); + error_msg = _eldbus_message_error_get(pending->msg_sent, + "org.enlightenment.DBus.Error", + "Error when try set callback to message."); eldbus_pending_dispatch(pending, error_msg); return NULL; } |