ubusd: fix incomplete copy of shared buf during queue-ing

For a shared ubus_msg_buf, the ubus_msg_ref function will create a copy for queue-ing. Problem is, that during the dequeue (especially) in client_cb, the header is 0-ed (because it's was a newly alloc-ed buffer). And during ubus_msg_writev(), the header info will be ignored by the client. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
author: Alexandru Ardelean <ardeleanalex@gmail.com> 2017-02-02 17:59:49 +0200
committer: Felix Fietkau <nbd@nbd.name> 2017-02-07 10:45:14 +0100
commit: c09e4f06f0f54be8304fb4459445198920fea32e (patch)
tree: 41a81b3ec27c4223b08476a4a30f222a1f1d6935
parent: 91acde66b963e238aba35fb4f2030a147df84cd4 (diff)
download: ubus-c09e4f06f0f54be8304fb4459445198920fea32e.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/ubusd.c b/ubusd.c
index 5409b7f..f060b38 100644
--- a/ubusd.c
+++ b/ubusd.c
@@ -32,8 +32,15 @@
 
 static struct ubus_msg_buf *ubus_msg_ref(struct ubus_msg_buf *ub)
 {
-	if (ub->refcount == ~0)
-		return ubus_msg_new(ub->data, ub->len, false);
+	struct ubus_msg_buf *new_ub;
+	if (ub->refcount == ~0) {
+		new_ub = ubus_msg_new(ub->data, ub->len, false);
+		if (!new_ub)
+			return NULL;
+		memcpy(&new_ub->hdr, &ub->hdr, sizeof(struct ubus_msghdr));
+		new_ub->fd = ub->fd;
+		return new_ub;
+	}
 
 	ub->refcount++;
 	return ub;
author	Alexandru Ardelean <ardeleanalex@gmail.com>	2017-02-02 17:59:49 +0200
committer	Felix Fietkau <nbd@nbd.name>	2017-02-07 10:45:14 +0100
commit	c09e4f06f0f54be8304fb4459445198920fea32e (patch)
tree	41a81b3ec27c4223b08476a4a30f222a1f1d6935
parent	91acde66b963e238aba35fb4f2030a147df84cd4 (diff)
download	ubus-c09e4f06f0f54be8304fb4459445198920fea32e.tar.gz