diff options
| author | Miloslav Trmač <mitr@redhat.com> | 2015-04-01 05:22:37 +0200 |
|---|---|---|
| committer | Miloslav Trmač <mitr@redhat.com> | 2015-06-23 18:57:15 +0200 |
| commit | 9f5e0c731784003bd4d6fc75ab739ff8b2ea269f (patch) | |
| tree | 487ffa47c75d4dd88167ba31b71eae7658b59b50 /src | |
| parent | d7da6a23766e9c95fa333a0a9c742f7397c0ad22 (diff) | |
| download | polkit-9f5e0c731784003bd4d6fc75ab739ff8b2ea269f.tar.gz | |
CVE-2015-3255 Fix GHashTable usage.
Don't assume that the hash table with free both the key and the value
at the same time, supply proper deallocation functions for the key
and value separately.
Then drop ParsedAction::action_id which is no longer used for anything.
https://bugs.freedesktop.org/show_bug.cgi?id=69501
and
https://bugs.freedesktop.org/show_bug.cgi?id=83590
CVE: CVE-2015-3255
Diffstat (limited to 'src')
| -rw-r--r-- | src/polkitbackend/polkitbackendactionpool.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c index bc14381..3894fe9 100644 --- a/src/polkitbackend/polkitbackendactionpool.c +++ b/src/polkitbackend/polkitbackendactionpool.c @@ -40,7 +40,6 @@ typedef struct { - gchar *action_id; gchar *vendor_name; gchar *vendor_url; gchar *icon_name; @@ -62,7 +61,6 @@ typedef struct static void parsed_action_free (ParsedAction *action) { - g_free (action->action_id); g_free (action->vendor_name); g_free (action->vendor_url); g_free (action->icon_name); @@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool) priv->parsed_actions = g_hash_table_new_full (g_str_hash, g_str_equal, - NULL, + g_free, (GDestroyNotify) parsed_action_free); priv->parsed_files = g_hash_table_new_full (g_str_hash, @@ -988,7 +986,6 @@ _end (void *data, const char *el) icon_name = pd->global_icon_name; action = g_new0 (ParsedAction, 1); - action->action_id = g_strdup (pd->action_id); action->vendor_name = g_strdup (vendor); action->vendor_url = g_strdup (vendor_url); action->icon_name = g_strdup (icon_name); @@ -1003,7 +1000,8 @@ _end (void *data, const char *el) action->implicit_authorization_inactive = pd->implicit_authorization_inactive; action->implicit_authorization_active = pd->implicit_authorization_active; - g_hash_table_insert (priv->parsed_actions, action->action_id, action); + g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id), + action); /* we steal these hash tables */ pd->annotations = NULL; |