From 5accf42aabb94e88a02bd27858ce829cd870818b Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Fri, 17 Aug 2018 15:33:10 +0100
Subject: [PATCH 1/2] bus_driver_handle_become_monitor: Don't leak zero-length array of rules
Only privileged users can trigger this leak, so it is not a denial of service attack.
Signed-off-by: Simon McVittie
---
 bus/driver.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/bus/driver.c b/bus/driver.c
index 8015f28b..9b3e43ee 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -2258,6 +2258,7 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
 /* Special case: a zero-length array becomes [""] */
 if (n_match_rules == 0)
 {
+ dbus_free (match_rules);
 match_rules = dbus_malloc (2 * sizeof (char *));
 if (match_rules == NULL)
From 85d07a97e6a787be5b5d201e0f320e927e3f3e86 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Fri, 17 Aug 2018 15:37:36 +0100
Subject: [PATCH 2/2] bus_container_instance_new: Don't leak empty DBusString object
We already stole its data, but that allocated a new buffer, which we still need to free.
Signed-off-by: Simon McVittie
---
 bus/containers.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/bus/containers.c b/bus/containers.c
index 5542e16b..213ce3c9 100644
--- a/bus/containers.c
+++ b/bus/containers.c
@@ -425,6 +425,7 @@ bus_container_instance_new (BusContext *context,
 if (!_dbus_string_steal_data (&path, &self->path))
 goto fail;
+ _dbus_string_free (&path);
 return self;
 fail:
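Review bot: The added `dbus_free (match_rules);` in the `n_match_rules == 0` branch has no comment explaining why a plain free is correct for what is otherwise a string array. I would add `/* a zero-length array has no elements to free, only the array itself */` above it, so nobody later swaps in a per-element free or drops the call as redundant. The commit message's statement that this is not a denial of service depends on the caller already being privileged. That check is not visible in this hunk and is presumably made earlier in bus_driver_handle_become_monitor, whose body starts and ends outside the hunk. If the method ever becomes reachable by less-privileged callers, the reasoning no longer holds, so a test that calls it with an empty rule array under a leak checker would keep the fix from regressing.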
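Review bot: The new `_dbus_string_free (&path);` before `return self;` looks like a free of a string whose data was just stolen, and only the commit message explains why it is needed. I would put that reason in the code, for example `/* _dbus_string_steal_data() left path holding a new empty buffer; free it */`, so the call is not later removed as a suspected double free. The cleanup under `fail:` is outside the hunk, so I cannot confirm from here that `path` is released exactly once on each exit. It is worth checking that the failure path frees it too and that nothing frees it again after the success return.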