display: tie skeleton handlers to object lifetime

Right now we assume a display skeleton object won't outlive its associated display object. In theory that should be true, but if we accidentally leak the skeleton it could erroneously happen. If that does happen then we'll end accessing free'd memory, so the leak will turn into a crasher. This commit addresses this problem by ensuring the skeleton signal handlers are disconnected when the associated display object goes away. CVE-2018-14424
author: Ray Strode <rstrode@redhat.com> 2018-07-19 16:01:23 -0400
committer: Ray Strode <rstrode@redhat.com> 2018-08-13 10:35:15 -0400
commit: 59149d106025b0cae8b91537890fb626bb678f29 (patch)
tree: 61920bd28b294b4347b2aa3d1f469daacc723770
parent: 1ac1697b3b019f50729a6e992065959586e170da (diff)
download: gdm-59149d106025b0cae8b91537890fb626bb678f29.tar.gz
1 files changed, 12 insertions, 12 deletions
diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c
index 1b58781d..5e193f2f 100644
--- a/daemon/gdm-display.c
+++ b/daemon/gdm-display.c
@@ -1109,18 +1109,18 @@ register_display (GdmDisplay *self)
         self->priv->object_skeleton = g_dbus_object_skeleton_new (self->priv->id);
         self->priv->display_skeleton = GDM_DBUS_DISPLAY (gdm_dbus_display_skeleton_new ());
 
-        g_signal_connect (self->priv->display_skeleton, "handle-get-id",
-                          G_CALLBACK (handle_get_id), self);
-        g_signal_connect (self->priv->display_skeleton, "handle-get-remote-hostname",
-                          G_CALLBACK (handle_get_remote_hostname), self);
-        g_signal_connect (self->priv->display_skeleton, "handle-get-seat-id",
-                          G_CALLBACK (handle_get_seat_id), self);
-        g_signal_connect (self->priv->display_skeleton, "handle-get-x11-display-name",
-                          G_CALLBACK (handle_get_x11_display_name), self);
-        g_signal_connect (self->priv->display_skeleton, "handle-is-local",
-                          G_CALLBACK (handle_is_local), self);
-        g_signal_connect (self->priv->display_skeleton, "handle-is-initial",
-                          G_CALLBACK (handle_is_initial), self);
+        g_signal_connect_object (self->priv->display_skeleton, "handle-get-id",
+                                 G_CALLBACK (handle_get_id), self, 0);
+        g_signal_connect_object (self->priv->display_skeleton, "handle-get-remote-hostname",
+                                 G_CALLBACK (handle_get_remote_hostname), self, 0);
+        g_signal_connect_object (self->priv->display_skeleton, "handle-get-seat-id",
+                                 G_CALLBACK (handle_get_seat_id), self, 0);
+        g_signal_connect_object (self->priv->display_skeleton, "handle-get-x11-display-name",
+                                 G_CALLBACK (handle_get_x11_display_name), self, 0);
+        g_signal_connect_object (self->priv->display_skeleton, "handle-is-local",
+                                 G_CALLBACK (handle_is_local), self, 0);
+        g_signal_connect_object (self->priv->display_skeleton, "handle-is-initial",
+                                 G_CALLBACK (handle_is_initial), self, 0);
 
         g_dbus_object_skeleton_add_interface (self->priv->object_skeleton,
                                               G_DBUS_INTERFACE_SKELETON (self->priv->display_skeleton));
author	Ray Strode <rstrode@redhat.com>	2018-07-19 16:01:23 -0400
committer	Ray Strode <rstrode@redhat.com>	2018-08-13 10:35:15 -0400
commit	59149d106025b0cae8b91537890fb626bb678f29 (patch)
tree	61920bd28b294b4347b2aa3d1f469daacc723770
parent	1ac1697b3b019f50729a6e992065959586e170da (diff)
download	gdm-59149d106025b0cae8b91537890fb626bb678f29.tar.gz