diff options
author | Jens Georg <mail@jensge.org> | 2019-01-24 11:15:10 +0100 |
---|---|---|
committer | Jens Georg <mail@jensge.org> | 2019-01-24 11:15:10 +0100 |
commit | 71457e92ed70b3cb33f80b752cf32217502bb3a0 (patch) | |
tree | 3ddeeb304741e1e1ca7e9230325b127ebb6653f4 | |
parent | 1b40f2b5c05ad04189d6b2283dbe5152ab818825 (diff) | |
download | gssdp-71457e92ed70b3cb33f80b752cf32217502bb3a0.tar.gz |
client: Crash due to dangling pointer
After clearing the custom header list, priv->headers was left dangling
which would lead to use-after-free access when sending the bye-bye
messages on client destruction
Fixes #1
-rw-r--r-- | libgssdp/gssdp-client.c | 1 | ||||
-rw-r--r-- | tests/test-regression.c | 44 |
2 files changed, 45 insertions, 0 deletions
diff --git a/libgssdp/gssdp-client.c b/libgssdp/gssdp-client.c index f9c8d3e..89e3784 100644 --- a/libgssdp/gssdp-client.c +++ b/libgssdp/gssdp-client.c @@ -1032,6 +1032,7 @@ gssdp_client_clear_headers (GSSDPClient *client) g_list_free_full (priv->headers, (GDestroyNotify) header_field_free); + priv->headers = NULL; } /** diff --git a/tests/test-regression.c b/tests/test-regression.c index 79b01f9..1b3065d 100644 --- a/tests/test-regression.c +++ b/tests/test-regression.c @@ -370,6 +370,49 @@ static void test_bgo724030 (void) * ============================================================================ */ +/* BEGIN Regression test + * https://gitlab.gnome.org/GNOME/gssdp/issues/1 + * ============================================================================ + * - Check that sending a message after clearing the custom headers does not + * crash + */ + +static void test_ggo_1(void) +{ + GSSDPClient *dest; + GSSDPResourceGroup *group; + GMainLoop *loop; + GError *error = NULL; + + loop = g_main_loop_new (NULL, FALSE); + dest = get_client (&error); + g_assert_nonnull (dest); + g_assert_null (error); + gssdp_client_append_header (dest, "Foo", "bar"); + + group = gssdp_resource_group_new (dest); + g_assert_nonnull (group); + + gssdp_resource_group_add_resource_simple (group, + USN, + UUID_1"::"USN, + "http://127.0.0.1:3456"); + gssdp_resource_group_set_max_age (group, 1); + gssdp_resource_group_set_available (group, TRUE); + g_timeout_add_seconds (2, quit_loop, loop); + g_main_loop_run (loop); + + gssdp_client_clear_headers (dest); + g_object_unref (dest); + g_timeout_add_seconds (10, quit_loop, loop); + g_main_loop_run (loop); +} + +/* END Regression test + * https://gitlab.gnome.org/GNOME/gssdp/issues/1 + * ============================================================================ + */ + int main (int argc, char *argv[]) { @@ -382,6 +425,7 @@ int main (int argc, char *argv[]) g_test_add_func ("/bugs/gnome/673150", test_bgo673150); g_test_add_func ("/bugs/gnome/682099", test_bgo682099); g_test_add_func ("/bugs/gnome/724030", test_bgo724030); + g_test_add_func ("/bugs/ggo/1", test_ggo_1); } g_test_run (); |