From ca342ed61d6422a35da96f7732b7f824f2767d0e Mon Sep 17 00:00:00 2001 From: Thomas Haller Date: Sun, 23 Apr 2017 19:14:19 +0200 Subject: [PATCH] policy: fix memleak in lookup_callback() and cancelling When the operation is cancelled, we must not touch user_data. Note that NM_POLICY_GET_PRIVATE() theoretically doesn't dereference the pointer (does it?) but doing pointer arithmetic on a dangling pointer is a very ugly thing to do. And of course, the memleak. Fixes: 5c716c8af8ddca1d3f7510494754d875b01a8889 Fixes: a2cdf632045d60b26f7aff470dedb56c1f9b938d (cherry picked from commit 3215508293c26e9e8531c2482def598ef1bbbefd) (cherry picked from commit f1469558c0e117b41b2eb36ab1010f732a696374) --- src/nm-policy.c | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/src/nm-policy.c b/src/nm-policy.c index a2ff2945b2..28ec8617e2 100644 --- a/src/nm-policy.c +++ b/src/nm-policy.c @@ -490,26 +490,24 @@ lookup_callback (GObject *source, GAsyncResult *result, gpointer user_data) { - NMPolicy *self = (NMPolicy *) user_data; - NMPolicyPrivate *priv = NM_POLICY_GET_PRIVATE (self); - const char *hostname; - GError *error = NULL; + NMPolicy *self; + NMPolicyPrivate *priv; + gs_free char *hostname = NULL; + gs_free_error GError *error = NULL; hostname = g_resolver_lookup_by_address_finish (G_RESOLVER (source), result, &error); - if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) { - /* Don't touch policy; it may have been freed already */ - g_error_free (error); + if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) return; - } + + self = user_data; + priv = NM_POLICY_GET_PRIVATE (self); + + g_clear_object (&priv->lookup_cancellable); if (hostname) _set_hostname (self, hostname, "from address lookup"); - else { + else _set_hostname (self, NULL, error->message); - g_error_free (error); - } - - g_clear_object (&priv->lookup_cancellable); } static void