Commit 8ce95db1 authored by Ray Strode's avatar Ray Strode

Merge branch 'wip/CVE-2018-14424-use-after-free' into 'master'

CVE-2018-14424 use after free

Closes #401

See merge request !31
parents 0e92e2c9 59149d10
......@@ -76,15 +76,10 @@ stored_display_new (GdmDisplayStore *store,
static void
stored_display_free (StoredDisplay *stored_display)
{
char *id;
gdm_display_get_id (stored_display->display, &id, NULL);
g_signal_emit (G_OBJECT (stored_display->store),
signals[DISPLAY_REMOVED],
0,
id);
g_free (id);
stored_display->display);
g_debug ("GdmDisplayStore: Unreffing display: %p",
stored_display->display);
......@@ -281,9 +276,9 @@ gdm_display_store_class_init (GdmDisplayStoreClass *klass)
G_STRUCT_OFFSET (GdmDisplayStoreClass, display_removed),
NULL,
NULL,
g_cclosure_marshal_VOID__STRING,
g_cclosure_marshal_VOID__OBJECT,
G_TYPE_NONE,
1, G_TYPE_STRING);
1, G_TYPE_OBJECT);
g_type_class_add_private (klass, sizeof (GdmDisplayStorePrivate));
}
......
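Review bot: The emission in stored_display_free now hands handlers the GdmDisplay itself, but nothing at the call site says how long that pointer stays valid. The g_debug line that follows suggests the store drops its reference right after the emission (the unref itself is outside the hunk), so a handler that keeps the pointer without taking its own reference would end up with a dangling one. I would add a comment above the g_signal_emit call, for example `/* Handlers get a borrowed display; take a ref to keep it past this emission. */`. The same contract is worth stating next to the display_removed slot in GdmDisplayStoreClass.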
......@@ -49,7 +49,7 @@ typedef struct
void (* display_added) (GdmDisplayStore *display_store,
const char *id);
void (* display_removed) (GdmDisplayStore *display_store,
const char *id);
GdmDisplay *display);
} GdmDisplayStoreClass;
typedef enum
......
......@@ -1109,18 +1109,18 @@ register_display (GdmDisplay *self)
self->priv->object_skeleton = g_dbus_object_skeleton_new (self->priv->id);
self->priv->display_skeleton = GDM_DBUS_DISPLAY (gdm_dbus_display_skeleton_new ());
g_signal_connect (self->priv->display_skeleton, "handle-get-id",
G_CALLBACK (handle_get_id), self);
g_signal_connect (self->priv->display_skeleton, "handle-get-remote-hostname",
G_CALLBACK (handle_get_remote_hostname), self);
g_signal_connect (self->priv->display_skeleton, "handle-get-seat-id",
G_CALLBACK (handle_get_seat_id), self);
g_signal_connect (self->priv->display_skeleton, "handle-get-x11-display-name",
G_CALLBACK (handle_get_x11_display_name), self);
g_signal_connect (self->priv->display_skeleton, "handle-is-local",
G_CALLBACK (handle_is_local), self);
g_signal_connect (self->priv->display_skeleton, "handle-is-initial",
G_CALLBACK (handle_is_initial), self);
g_signal_connect_object (self->priv->display_skeleton, "handle-get-id",
G_CALLBACK (handle_get_id), self, 0);
g_signal_connect_object (self->priv->display_skeleton, "handle-get-remote-hostname",
G_CALLBACK (handle_get_remote_hostname), self, 0);
g_signal_connect_object (self->priv->display_skeleton, "handle-get-seat-id",
G_CALLBACK (handle_get_seat_id), self, 0);
g_signal_connect_object (self->priv->display_skeleton, "handle-get-x11-display-name",
G_CALLBACK (handle_get_x11_display_name), self, 0);
g_signal_connect_object (self->priv->display_skeleton, "handle-is-local",
G_CALLBACK (handle_is_local), self, 0);
g_signal_connect_object (self->priv->display_skeleton, "handle-is-initial",
G_CALLBACK (handle_is_initial), self, 0);
g_dbus_object_skeleton_add_interface (self->priv->object_skeleton,
G_DBUS_INTERFACE_SKELETON (self->priv->display_skeleton));
......
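Review bot: The move to g_signal_connect_object in register_display is not explained at the call site, so a handler added later could easily go back to plain g_signal_connect with self as user data. g_signal_connect_object disconnects the handler when self is finalized, which appears to be the point of the change given the commit title. A short comment above the first call would record that, for example `/* connect_object: handlers go away with self, so the skeleton cannot call into a freed display */`. register_display starts and ends outside the hunk, so whether the skeleton is also unexported when the display is torn down cannot be checked from here.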
......@@ -805,18 +805,11 @@ on_display_added (GdmDisplayStore *display_store,
static void
on_display_removed (GdmDisplayStore *display_store,
const char *id,
GdmDisplay *display,
GdmLocalDisplayFactory *factory)
{
GdmDisplay *display;
display = gdm_display_store_lookup (display_store, id);
if (display != NULL) {
g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory);
g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory);
}
g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), factory);
g_object_weak_unref (G_OBJECT (display), (GWeakNotify)on_display_disposed, factory);
}
static gboolean
......
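Review bot: With the lookup and its NULL check gone, on_display_removed in the local display factory uses `display` unconditionally and relies entirely on the emitter passing a live object. As far as this page shows the store always passes stored_display->display, so this is a hardening point rather than a demonstrated fault. A guard at the top of the handler, `g_return_if_fail (GDM_IS_DISPLAY (display));`, would turn a bad emission into a logged critical instead of a call on an invalid pointer. The handler of the same name in the manager, changed later in this commit, has the same shape.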
......@@ -1541,19 +1541,18 @@ on_display_status_changed (GdmDisplay *display,
static void
on_display_removed (GdmDisplayStore *display_store,
const char *id,
GdmDisplay *display,
GdmManager *manager)
{
GdmDisplay *display;
char *id;
display = gdm_display_store_lookup (display_store, id);
if (display != NULL) {
g_dbus_object_manager_server_unexport (manager->priv->object_manager, id);
gdm_display_get_id (display, &id, NULL);
g_dbus_object_manager_server_unexport (manager->priv->object_manager, id);
g_free (id);
g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager);
g_signal_handlers_disconnect_by_func (display, G_CALLBACK (on_display_status_changed), manager);
g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, id);
}
g_signal_emit (manager, signals[DISPLAY_REMOVED], 0, display);
}
static void
......@@ -2535,9 +2534,9 @@ gdm_manager_class_init (GdmManagerClass *klass)
G_STRUCT_OFFSET (GdmManagerClass, display_removed),
NULL,
NULL,
g_cclosure_marshal_VOID__STRING,
g_cclosure_marshal_VOID__OBJECT,
G_TYPE_NONE,
1, G_TYPE_STRING);
1, G_TYPE_OBJECT);
g_object_class_install_property (object_class,
PROP_XDMCP_ENABLED,
......
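Review bot: In the manager's on_display_removed, as I read the new side, `char *id;` is declared without an initializer and the result of gdm_display_get_id is ignored before `id` is passed to g_dbus_object_manager_server_unexport and g_free. If that call ever fails without writing to `id`, both calls receive an indeterminate pointer, which is the kind of memory error this commit is meant to remove. I would declare `char *id = NULL;` and wrap the unexport in `if (gdm_display_get_id (display, &id, NULL))`, assuming the function reports failure through its return value. The g_free call is safe on NULL and can stay unconditional.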
......@@ -24,6 +24,7 @@
#include <glib-object.h>
#include "gdm-display.h"
#include "gdm-manager-glue.h"
G_BEGIN_DECLS
......@@ -50,7 +51,7 @@ typedef struct
void (* display_added) (GdmManager *manager,
const char *id);
void (* display_removed) (GdmManager *manager,
const char *id);
GdmDisplay *display);
} GdmManagerClass;
typedef enum
......