server: fix potential memleak and NULL deref

If for some reason that errno is neither value (ENOMEM or EINVAL), then prior to this patch, there would be a NULL deref in wl_closure_lookup(...) at the "else if" conditional when closure == NULL. Also, closure might not be NULL but still fall into the block due to the wl_closure_lookup < 0 condition... in that case, we need to destroy the closure to avoid a memory leak. Currently, wl_connection_demarshal only sets errno to ENOMEM or EINVAL... we've already checked for ENOMEM so remove check for EINVAL (just assume it). Also, call wl_closure_destroy(...) unconditionally in the "else if" block (assume it can handle NULL closure, too, which it does right now). Signed-off-by: U. Artie Eoff <ullysses.a.eoff@intel.com>
2014-05-05 16:28:26 -07:00 · 2014-05-05 16:28:26 -07:00 · 0f23b73a06
commit 0f23b73a06
parent b41ded812d
1 changed files with 2 additions and 1 deletions
--- a/src/wayland-server.c
+++ b/src/wayland-server.c
@ -313,7 +313,7 @@ wl_client_connection_data(int fd, uint32_t mask, void *data)
 		if (closure == NULL && errno == ENOMEM) {
 			wl_resource_post_no_memory(resource);
 			break;
-		} else if ((closure == NULL && errno == EINVAL) ||
+		} else if (closure == NULL ||
 			   wl_closure_lookup_objects(closure, &client->objects) < 0) {
 			wl_resource_post_error(client->display_resource,
 					       WL_DISPLAY_ERROR_INVALID_METHOD,
@ -321,6 +321,7 @@ wl_client_connection_data(int fd, uint32_t mask, void *data)
 					       object->interface->name,
 					       object->id,
 					       message->name);
+			wl_closure_destroy(closure);
 			break;
 		}