summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiloslav Trmač <mitr@redhat.com>2015-04-01 05:22:37 +0200
committerMiloslav Trmač <mitr@redhat.com>2015-06-23 18:57:15 +0200
commit9f5e0c731784003bd4d6fc75ab739ff8b2ea269f (patch)
tree487ffa47c75d4dd88167ba31b71eae7658b59b50
parentd7da6a23766e9c95fa333a0a9c742f7397c0ad22 (diff)
CVE-2015-3255 Fix GHashTable usage.
Don't assume that the hash table with free both the key and the value at the same time, supply proper deallocation functions for the key and value separately. Then drop ParsedAction::action_id which is no longer used for anything. https://bugs.freedesktop.org/show_bug.cgi?id=69501 and https://bugs.freedesktop.org/show_bug.cgi?id=83590 CVE: CVE-2015-3255
-rw-r--r--src/polkitbackend/polkitbackendactionpool.c8
1 files changed, 3 insertions, 5 deletions
diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
index bc14381..3894fe9 100644
--- a/src/polkitbackend/polkitbackendactionpool.c
+++ b/src/polkitbackend/polkitbackendactionpool.c
@@ -40,7 +40,6 @@
typedef struct
{
- gchar *action_id;
gchar *vendor_name;
gchar *vendor_url;
gchar *icon_name;
@@ -62,7 +61,6 @@ typedef struct
static void
parsed_action_free (ParsedAction *action)
{
- g_free (action->action_id);
g_free (action->vendor_name);
g_free (action->vendor_url);
g_free (action->icon_name);
@@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool)
priv->parsed_actions = g_hash_table_new_full (g_str_hash,
g_str_equal,
- NULL,
+ g_free,
(GDestroyNotify) parsed_action_free);
priv->parsed_files = g_hash_table_new_full (g_str_hash,
@@ -988,7 +986,6 @@ _end (void *data, const char *el)
icon_name = pd->global_icon_name;
action = g_new0 (ParsedAction, 1);
- action->action_id = g_strdup (pd->action_id);
action->vendor_name = g_strdup (vendor);
action->vendor_url = g_strdup (vendor_url);
action->icon_name = g_strdup (icon_name);
@@ -1003,7 +1000,8 @@ _end (void *data, const char *el)
action->implicit_authorization_inactive = pd->implicit_authorization_inactive;
action->implicit_authorization_active = pd->implicit_authorization_active;
- g_hash_table_insert (priv->parsed_actions, action->action_id, action);
+ g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id),
+ action);
/* we steal these hash tables */
pd->annotations = NULL;