diff options
author | Ray Strode <rstrode@redhat.com> | 2018-07-19 16:01:23 -0400 |
---|---|---|
committer | Ray Strode <rstrode@redhat.com> | 2018-08-13 10:35:15 -0400 |
commit | 59149d106025b0cae8b91537890fb626bb678f29 (patch) | |
tree | 61920bd28b294b4347b2aa3d1f469daacc723770 | |
parent | 1ac1697b3b019f50729a6e992065959586e170da (diff) | |
download | gdm-59149d106025b0cae8b91537890fb626bb678f29.tar.gz |
display: tie skeleton handlers to object lifetime
Right now we assume a display skeleton object won't
outlive its associated display object.
In theory that should be true, but if we accidentally
leak the skeleton it could erroneously happen.
If that does happen then we'll end accessing free'd
memory, so the leak will turn into a crasher.
This commit addresses this problem by ensuring
the skeleton signal handlers are disconnected when the
associated display object goes away.
CVE-2018-14424
-rw-r--r-- | daemon/gdm-display.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/daemon/gdm-display.c b/daemon/gdm-display.c index 1b58781d..5e193f2f 100644 --- a/daemon/gdm-display.c +++ b/daemon/gdm-display.c @@ -1109,18 +1109,18 @@ register_display (GdmDisplay *self) self->priv->object_skeleton = g_dbus_object_skeleton_new (self->priv->id); self->priv->display_skeleton = GDM_DBUS_DISPLAY (gdm_dbus_display_skeleton_new ()); - g_signal_connect (self->priv->display_skeleton, "handle-get-id", - G_CALLBACK (handle_get_id), self); - g_signal_connect (self->priv->display_skeleton, "handle-get-remote-hostname", - G_CALLBACK (handle_get_remote_hostname), self); - g_signal_connect (self->priv->display_skeleton, "handle-get-seat-id", - G_CALLBACK (handle_get_seat_id), self); - g_signal_connect (self->priv->display_skeleton, "handle-get-x11-display-name", - G_CALLBACK (handle_get_x11_display_name), self); - g_signal_connect (self->priv->display_skeleton, "handle-is-local", - G_CALLBACK (handle_is_local), self); - g_signal_connect (self->priv->display_skeleton, "handle-is-initial", - G_CALLBACK (handle_is_initial), self); + g_signal_connect_object (self->priv->display_skeleton, "handle-get-id", + G_CALLBACK (handle_get_id), self, 0); + g_signal_connect_object (self->priv->display_skeleton, "handle-get-remote-hostname", + G_CALLBACK (handle_get_remote_hostname), self, 0); + g_signal_connect_object (self->priv->display_skeleton, "handle-get-seat-id", + G_CALLBACK (handle_get_seat_id), self, 0); + g_signal_connect_object (self->priv->display_skeleton, "handle-get-x11-display-name", + G_CALLBACK (handle_get_x11_display_name), self, 0); + g_signal_connect_object (self->priv->display_skeleton, "handle-is-local", + G_CALLBACK (handle_is_local), self, 0); + g_signal_connect_object (self->priv->display_skeleton, "handle-is-initial", + G_CALLBACK (handle_is_initial), self, 0); g_dbus_object_skeleton_add_interface (self->priv->object_skeleton, G_DBUS_INTERFACE_SKELETON (self->priv->display_skeleton)); |