diff options
| author |  Dominique Martinet <asmadeus@codewreck.org> | 2018-06-30 17:18:47 +0900 |
|---|---|---|
| committer | Dominique Martinet <asmadeus@codewreck.org> | 2018-07-02 08:03:41 +0900 |
| commit | ebe69583c7304fe50247b5929106e3e5ce95b53a (patch) | |
| tree | 6c883eb3098c6d50741f61da4fcda78c42e434c7 /sway/ipc-server.c | |
| parent | ipc-server: minor code cleanup (diff) | |
| download | sway-ebe69583c7304fe50247b5929106e3e5ce95b53a.tar.gz sway-ebe69583c7304fe50247b5929106e3e5ce95b53a.tar.zst sway-ebe69583c7304fe50247b5929106e3e5ce95b53a.zip | |
ipc-server: fix more use-after-frees on ipc_send_reply error
Since ipc_send_reply frees the client on error, we need to check the
return value properly as we access client later on
Found through static analysis.
Diffstat (limited to 'sway/ipc-server.c')
| -rw-r--r-- | sway/ipc-server.c | 46 |
1 files changed, 31 insertions, 15 deletions
diff --git a/sway/ipc-server.c b/sway/ipc-server.c index 2dfe2d03..3e510c2e 100644 --- a/sway/ipc-server.c +++ b/sway/ipc-server.c | |||
| @@ -466,6 +466,7 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 466 | } | 466 | } |
| 467 | buf[client->payload_length] = '\0'; | 467 | buf[client->payload_length] = '\0'; |
| 468 | 468 | ||
| 469 | bool client_valid = true; | ||
| 469 | switch (client->current_command) { | 470 | switch (client->current_command) { |
| 470 | case IPC_COMMAND: | 471 | case IPC_COMMAND: |
| 471 | { | 472 | { |
| @@ -473,7 +474,7 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 473 | const char *json = cmd_results_to_json(results); | 474 | const char *json = cmd_results_to_json(results); |
| 474 | char reply[256]; | 475 | char reply[256]; |
| 475 | int length = snprintf(reply, sizeof(reply), "%s", json); | 476 | int length = snprintf(reply, sizeof(reply), "%s", json); |
| 476 | ipc_send_reply(client, reply, (uint32_t) length); | 477 | client_valid = ipc_send_reply(client, reply, (uint32_t)length); |
| 477 | free_cmd_results(results); | 478 | free_cmd_results(results); |
| 478 | goto exit_cleanup; | 479 | goto exit_cleanup; |
| 479 | } | 480 | } |
| @@ -496,7 +497,8 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 496 | } | 497 | } |
| 497 | } | 498 | } |
| 498 | const char *json_string = json_object_to_json_string(outputs); | 499 | const char *json_string = json_object_to_json_string(outputs); |
| 499 | ipc_send_reply(client, json_string, (uint32_t) strlen(json_string)); | 500 | client_valid = |
| 501 | ipc_send_reply(client, json_string, (uint32_t)strlen(json_string)); | ||
| 500 | json_object_put(outputs); // free | 502 | json_object_put(outputs); // free |
| 501 | goto exit_cleanup; | 503 | goto exit_cleanup; |
| 502 | } | 504 | } |
| @@ -507,7 +509,8 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 507 | container_for_each_descendant_dfs(&root_container, | 509 | container_for_each_descendant_dfs(&root_container, |
| 508 | ipc_get_workspaces_callback, workspaces); | 510 | ipc_get_workspaces_callback, workspaces); |
| 509 | const char *json_string = json_object_to_json_string(workspaces); | 511 | const char *json_string = json_object_to_json_string(workspaces); |
| 510 | ipc_send_reply(client, json_string, (uint32_t) strlen(json_string)); | 512 | client_valid = |
| 513 | ipc_send_reply(client, json_string, (uint32_t)strlen(json_string)); | ||
| 511 | json_object_put(workspaces); // free | 514 | json_object_put(workspaces); // free |
| 512 | goto exit_cleanup; | 515 | goto exit_cleanup; |
| 513 | } | 516 | } |
| @@ -517,7 +520,7 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 517 | // TODO: Check if they're permitted to use these events | 520 | // TODO: Check if they're permitted to use these events |
| 518 | struct json_object *request = json_tokener_parse(buf); | 521 | struct json_object *request = json_tokener_parse(buf); |
| 519 | if (request == NULL) { | 522 | if (request == NULL) { |
| 520 | ipc_send_reply(client, "{\"success\": false}", 18); | 523 | client_valid = ipc_send_reply(client, "{\"success\": false}", 18); |
| 521 | wlr_log_errno(L_INFO, "Failed to read request"); | 524 | wlr_log_errno(L_INFO, "Failed to read request"); |
| 522 | goto exit_cleanup; | 525 | goto exit_cleanup; |
| 523 | } | 526 | } |
| @@ -538,7 +541,8 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 538 | } else if (strcmp(event_type, "binding") == 0) { | 541 | } else if (strcmp(event_type, "binding") == 0) { |
| 539 | client->subscribed_events |= event_mask(IPC_EVENT_BINDING); | 542 | client->subscribed_events |= event_mask(IPC_EVENT_BINDING); |
| 540 | } else { | 543 | } else { |
| 541 | ipc_send_reply(client, "{\"success\": false}", 18); | 544 | client_valid = |
| 545 | ipc_send_reply(client, "{\"success\": false}", 18); | ||
| 542 | json_object_put(request); | 546 | json_object_put(request); |
| 543 | wlr_log_errno(L_INFO, "Failed to parse request"); | 547 | wlr_log_errno(L_INFO, "Failed to parse request"); |
| 544 | goto exit_cleanup; | 548 | goto exit_cleanup; |
| @@ -546,7 +550,7 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 546 | } | 550 | } |
| 547 | 551 | ||
| 548 | json_object_put(request); | 552 | json_object_put(request); |
| 549 | ipc_send_reply(client, "{\"success\": true}", 17); | 553 | client_valid = ipc_send_reply(client, "{\"success\": true}", 17); |
| 550 | goto exit_cleanup; | 554 | goto exit_cleanup; |
| 551 | } | 555 | } |
| 552 | 556 | ||
| @@ -558,7 +562,8 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 558 | json_object_array_add(inputs, ipc_json_describe_input(device)); | 562 | json_object_array_add(inputs, ipc_json_describe_input(device)); |
| 559 | } | 563 | } |
| 560 | const char *json_string = json_object_to_json_string(inputs); | 564 | const char *json_string = json_object_to_json_string(inputs); |
| 561 | ipc_send_reply(client, json_string, (uint32_t)strlen(json_string)); | 565 | client_valid = |
| 566 | ipc_send_reply(client, json_string, (uint32_t)strlen(json_string)); | ||
| 562 | json_object_put(inputs); // free | 567 | json_object_put(inputs); // free |
| 563 | goto exit_cleanup; | 568 | goto exit_cleanup; |
| 564 | } | 569 | } |
| @@ -571,7 +576,8 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 571 | json_object_array_add(seats, ipc_json_describe_seat(seat)); | 576 | json_object_array_add(seats, ipc_json_describe_seat(seat)); |
| 572 | } | 577 | } |
| 573 | const char *json_string = json_object_to_json_string(seats); | 578 | const char *json_string = json_object_to_json_string(seats); |
| 574 | ipc_send_reply(client, json_string, (uint32_t)strlen(json_string)); | 579 | client_valid = |
| 580 | ipc_send_reply(client, json_string, (uint32_t)strlen(json_string)); | ||
| 575 | json_object_put(seats); // free | 581 | json_object_put(seats); // free |
| 576 | goto exit_cleanup; | 582 | goto exit_cleanup; |
| 577 | } | 583 | } |
| @@ -581,7 +587,8 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 581 | json_object *tree = | 587 | json_object *tree = |
| 582 | ipc_json_describe_container_recursive(&root_container); | 588 | ipc_json_describe_container_recursive(&root_container); |
| 583 | const char *json_string = json_object_to_json_string(tree); | 589 | const char *json_string = json_object_to_json_string(tree); |
| 584 | ipc_send_reply(client, json_string, (uint32_t) strlen(json_string)); | 590 | client_valid = |
| 591 | ipc_send_reply(client, json_string, (uint32_t) strlen(json_string)); | ||
| 585 | json_object_put(tree); | 592 | json_object_put(tree); |
| 586 | goto exit_cleanup; | 593 | goto exit_cleanup; |
| 587 | } | 594 | } |
| @@ -592,7 +599,8 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 592 | container_descendants(&root_container, C_VIEW, ipc_get_marks_callback, | 599 | container_descendants(&root_container, C_VIEW, ipc_get_marks_callback, |
| 593 | marks); | 600 | marks); |
| 594 | const char *json_string = json_object_to_json_string(marks); | 601 | const char *json_string = json_object_to_json_string(marks); |
| 595 | ipc_send_reply(client, json_string, (uint32_t)strlen(json_string)); | 602 | client_valid = |
| 603 | ipc_send_reply(client, json_string, (uint32_t)strlen(json_string)); | ||
| 596 | json_object_put(marks); | 604 | json_object_put(marks); |
| 597 | goto exit_cleanup; | 605 | goto exit_cleanup; |
| 598 | } | 606 | } |
| @@ -601,7 +609,8 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 601 | { | 609 | { |
| 602 | json_object *version = ipc_json_get_version(); | 610 | json_object *version = ipc_json_get_version(); |
| 603 | const char *json_string = json_object_to_json_string(version); | 611 | const char *json_string = json_object_to_json_string(version); |
| 604 | ipc_send_reply(client, json_string, (uint32_t)strlen(json_string)); | 612 | client_valid = |
| 613 | ipc_send_reply(client, json_string, (uint32_t)strlen(json_string)); | ||
| 605 | json_object_put(version); // free | 614 | json_object_put(version); // free |
| 606 | goto exit_cleanup; | 615 | goto exit_cleanup; |
| 607 | } | 616 | } |
| @@ -616,7 +625,9 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 616 | json_object_array_add(bars, json_object_new_string(bar->id)); | 625 | json_object_array_add(bars, json_object_new_string(bar->id)); |
| 617 | } | 626 | } |
| 618 | const char *json_string = json_object_to_json_string(bars); | 627 | const char *json_string = json_object_to_json_string(bars); |
| 619 | ipc_send_reply(client, json_string, (uint32_t)strlen(json_string)); | 628 | client_valid = |
| 629 | ipc_send_reply(client, json_string, | ||
| 630 | (uint32_t)strlen(json_string)); | ||
| 620 | json_object_put(bars); // free | 631 | json_object_put(bars); // free |
| 621 | } else { | 632 | } else { |
| 622 | // Send particular bar's details | 633 | // Send particular bar's details |
| @@ -630,12 +641,15 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 630 | } | 641 | } |
| 631 | if (!bar) { | 642 | if (!bar) { |
| 632 | const char *error = "{ \"success\": false, \"error\": \"No bar with that ID\" }"; | 643 | const char *error = "{ \"success\": false, \"error\": \"No bar with that ID\" }"; |
| 633 | ipc_send_reply(client, error, (uint32_t)strlen(error)); | 644 | client_valid = |
| 645 | ipc_send_reply(client, error, (uint32_t)strlen(error)); | ||
| 634 | goto exit_cleanup; | 646 | goto exit_cleanup; |
| 635 | } | 647 | } |
| 636 | json_object *json = ipc_json_describe_bar_config(bar); | 648 | json_object *json = ipc_json_describe_bar_config(bar); |
| 637 | const char *json_string = json_object_to_json_string(json); | 649 | const char *json_string = json_object_to_json_string(json); |
| 638 | ipc_send_reply(client, json_string, (uint32_t)strlen(json_string)); | 650 | client_valid = |
| 651 | ipc_send_reply(client, json_string, | ||
| 652 | (uint32_t)strlen(json_string)); | ||
| 639 | json_object_put(json); // free | 653 | json_object_put(json); // free |
| 640 | } | 654 | } |
| 641 | goto exit_cleanup; | 655 | goto exit_cleanup; |
| @@ -647,7 +661,9 @@ void ipc_client_handle_command(struct ipc_client *client) { | |||
| 647 | } | 661 | } |
| 648 | 662 | ||
| 649 | exit_cleanup: | 663 | exit_cleanup: |
| 650 | client->payload_length = 0; | 664 | if (client_valid) { |
| 665 | client->payload_length = 0; | ||
| 666 | } | ||
| 651 | free(buf); | 667 | free(buf); |
| 652 | return; | 668 | return; |
| 653 | } | 669 | } |