mirror of
https://github.com/swaywm/sway.git
synced 2024-11-27 02:11:28 +00:00
ipc-server: fix more use-after-frees on ipc_send_reply error
Since ipc_send_reply frees the client on error, we need to check the return value properly as we access client later on Found through static analysis.
This commit is contained in:
parent
0ab04b7434
commit
ebe69583c7
|
@ -466,6 +466,7 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
}
|
}
|
||||||
buf[client->payload_length] = '\0';
|
buf[client->payload_length] = '\0';
|
||||||
|
|
||||||
|
bool client_valid = true;
|
||||||
switch (client->current_command) {
|
switch (client->current_command) {
|
||||||
case IPC_COMMAND:
|
case IPC_COMMAND:
|
||||||
{
|
{
|
||||||
|
@ -473,7 +474,7 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
const char *json = cmd_results_to_json(results);
|
const char *json = cmd_results_to_json(results);
|
||||||
char reply[256];
|
char reply[256];
|
||||||
int length = snprintf(reply, sizeof(reply), "%s", json);
|
int length = snprintf(reply, sizeof(reply), "%s", json);
|
||||||
ipc_send_reply(client, reply, (uint32_t) length);
|
client_valid = ipc_send_reply(client, reply, (uint32_t)length);
|
||||||
free_cmd_results(results);
|
free_cmd_results(results);
|
||||||
goto exit_cleanup;
|
goto exit_cleanup;
|
||||||
}
|
}
|
||||||
|
@ -496,6 +497,7 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
const char *json_string = json_object_to_json_string(outputs);
|
const char *json_string = json_object_to_json_string(outputs);
|
||||||
|
client_valid =
|
||||||
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
||||||
json_object_put(outputs); // free
|
json_object_put(outputs); // free
|
||||||
goto exit_cleanup;
|
goto exit_cleanup;
|
||||||
|
@ -507,6 +509,7 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
container_for_each_descendant_dfs(&root_container,
|
container_for_each_descendant_dfs(&root_container,
|
||||||
ipc_get_workspaces_callback, workspaces);
|
ipc_get_workspaces_callback, workspaces);
|
||||||
const char *json_string = json_object_to_json_string(workspaces);
|
const char *json_string = json_object_to_json_string(workspaces);
|
||||||
|
client_valid =
|
||||||
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
||||||
json_object_put(workspaces); // free
|
json_object_put(workspaces); // free
|
||||||
goto exit_cleanup;
|
goto exit_cleanup;
|
||||||
|
@ -517,7 +520,7 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
// TODO: Check if they're permitted to use these events
|
// TODO: Check if they're permitted to use these events
|
||||||
struct json_object *request = json_tokener_parse(buf);
|
struct json_object *request = json_tokener_parse(buf);
|
||||||
if (request == NULL) {
|
if (request == NULL) {
|
||||||
ipc_send_reply(client, "{\"success\": false}", 18);
|
client_valid = ipc_send_reply(client, "{\"success\": false}", 18);
|
||||||
wlr_log_errno(L_INFO, "Failed to read request");
|
wlr_log_errno(L_INFO, "Failed to read request");
|
||||||
goto exit_cleanup;
|
goto exit_cleanup;
|
||||||
}
|
}
|
||||||
|
@ -538,6 +541,7 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
} else if (strcmp(event_type, "binding") == 0) {
|
} else if (strcmp(event_type, "binding") == 0) {
|
||||||
client->subscribed_events |= event_mask(IPC_EVENT_BINDING);
|
client->subscribed_events |= event_mask(IPC_EVENT_BINDING);
|
||||||
} else {
|
} else {
|
||||||
|
client_valid =
|
||||||
ipc_send_reply(client, "{\"success\": false}", 18);
|
ipc_send_reply(client, "{\"success\": false}", 18);
|
||||||
json_object_put(request);
|
json_object_put(request);
|
||||||
wlr_log_errno(L_INFO, "Failed to parse request");
|
wlr_log_errno(L_INFO, "Failed to parse request");
|
||||||
|
@ -546,7 +550,7 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
}
|
}
|
||||||
|
|
||||||
json_object_put(request);
|
json_object_put(request);
|
||||||
ipc_send_reply(client, "{\"success\": true}", 17);
|
client_valid = ipc_send_reply(client, "{\"success\": true}", 17);
|
||||||
goto exit_cleanup;
|
goto exit_cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -558,6 +562,7 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
json_object_array_add(inputs, ipc_json_describe_input(device));
|
json_object_array_add(inputs, ipc_json_describe_input(device));
|
||||||
}
|
}
|
||||||
const char *json_string = json_object_to_json_string(inputs);
|
const char *json_string = json_object_to_json_string(inputs);
|
||||||
|
client_valid =
|
||||||
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
||||||
json_object_put(inputs); // free
|
json_object_put(inputs); // free
|
||||||
goto exit_cleanup;
|
goto exit_cleanup;
|
||||||
|
@ -571,6 +576,7 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
json_object_array_add(seats, ipc_json_describe_seat(seat));
|
json_object_array_add(seats, ipc_json_describe_seat(seat));
|
||||||
}
|
}
|
||||||
const char *json_string = json_object_to_json_string(seats);
|
const char *json_string = json_object_to_json_string(seats);
|
||||||
|
client_valid =
|
||||||
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
||||||
json_object_put(seats); // free
|
json_object_put(seats); // free
|
||||||
goto exit_cleanup;
|
goto exit_cleanup;
|
||||||
|
@ -581,6 +587,7 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
json_object *tree =
|
json_object *tree =
|
||||||
ipc_json_describe_container_recursive(&root_container);
|
ipc_json_describe_container_recursive(&root_container);
|
||||||
const char *json_string = json_object_to_json_string(tree);
|
const char *json_string = json_object_to_json_string(tree);
|
||||||
|
client_valid =
|
||||||
ipc_send_reply(client, json_string, (uint32_t) strlen(json_string));
|
ipc_send_reply(client, json_string, (uint32_t) strlen(json_string));
|
||||||
json_object_put(tree);
|
json_object_put(tree);
|
||||||
goto exit_cleanup;
|
goto exit_cleanup;
|
||||||
|
@ -592,6 +599,7 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
container_descendants(&root_container, C_VIEW, ipc_get_marks_callback,
|
container_descendants(&root_container, C_VIEW, ipc_get_marks_callback,
|
||||||
marks);
|
marks);
|
||||||
const char *json_string = json_object_to_json_string(marks);
|
const char *json_string = json_object_to_json_string(marks);
|
||||||
|
client_valid =
|
||||||
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
||||||
json_object_put(marks);
|
json_object_put(marks);
|
||||||
goto exit_cleanup;
|
goto exit_cleanup;
|
||||||
|
@ -601,6 +609,7 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
{
|
{
|
||||||
json_object *version = ipc_json_get_version();
|
json_object *version = ipc_json_get_version();
|
||||||
const char *json_string = json_object_to_json_string(version);
|
const char *json_string = json_object_to_json_string(version);
|
||||||
|
client_valid =
|
||||||
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
||||||
json_object_put(version); // free
|
json_object_put(version); // free
|
||||||
goto exit_cleanup;
|
goto exit_cleanup;
|
||||||
|
@ -616,7 +625,9 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
json_object_array_add(bars, json_object_new_string(bar->id));
|
json_object_array_add(bars, json_object_new_string(bar->id));
|
||||||
}
|
}
|
||||||
const char *json_string = json_object_to_json_string(bars);
|
const char *json_string = json_object_to_json_string(bars);
|
||||||
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
client_valid =
|
||||||
|
ipc_send_reply(client, json_string,
|
||||||
|
(uint32_t)strlen(json_string));
|
||||||
json_object_put(bars); // free
|
json_object_put(bars); // free
|
||||||
} else {
|
} else {
|
||||||
// Send particular bar's details
|
// Send particular bar's details
|
||||||
|
@ -630,12 +641,15 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
}
|
}
|
||||||
if (!bar) {
|
if (!bar) {
|
||||||
const char *error = "{ \"success\": false, \"error\": \"No bar with that ID\" }";
|
const char *error = "{ \"success\": false, \"error\": \"No bar with that ID\" }";
|
||||||
|
client_valid =
|
||||||
ipc_send_reply(client, error, (uint32_t)strlen(error));
|
ipc_send_reply(client, error, (uint32_t)strlen(error));
|
||||||
goto exit_cleanup;
|
goto exit_cleanup;
|
||||||
}
|
}
|
||||||
json_object *json = ipc_json_describe_bar_config(bar);
|
json_object *json = ipc_json_describe_bar_config(bar);
|
||||||
const char *json_string = json_object_to_json_string(json);
|
const char *json_string = json_object_to_json_string(json);
|
||||||
ipc_send_reply(client, json_string, (uint32_t)strlen(json_string));
|
client_valid =
|
||||||
|
ipc_send_reply(client, json_string,
|
||||||
|
(uint32_t)strlen(json_string));
|
||||||
json_object_put(json); // free
|
json_object_put(json); // free
|
||||||
}
|
}
|
||||||
goto exit_cleanup;
|
goto exit_cleanup;
|
||||||
|
@ -647,7 +661,9 @@ void ipc_client_handle_command(struct ipc_client *client) {
|
||||||
}
|
}
|
||||||
|
|
||||||
exit_cleanup:
|
exit_cleanup:
|
||||||
|
if (client_valid) {
|
||||||
client->payload_length = 0;
|
client->payload_length = 0;
|
||||||
|
}
|
||||||
free(buf);
|
free(buf);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue