[1.14] bus: Don't crash if bus_context_create_client_policy() fails (!437) · Merge requests · dbus / dbus

Simon McVittie requested to merge smcv/dbus:1.14-issue343 into dbus-1.14 Aug 18, 2023

If policy creation fails, we can't usefully leave a NULL policy in the BusConnectionData. If we did, the next attempt to reload policy would crash with a NULL dereference when we tried to unref it, or with an assertion failure.

One situation in which we can legitimately fail to create a client policy is an out-of-memory condition. Another is if we are unable to look up a connection's supplementary groups with SO_PEERGROUPS, and also unable to look up the connection's uid's groups in the system user database, for example because it belongs to a user account that has been deleted (which is sysadmin error, but can happen, particularly in automated test systems) or because a service required by a Name Service Switch plugin has failed.

Keeping the last known policy is consistent with what happens to all the connections that are after this one in iteration order: after we early-return, all of those connections retain their previous policies (which doesn't seem ideal either, but that's how this has always worked).

[smcv: Add commit message]
Co-authored-by: @smcv
Resolves: #343 (closed)

(cherry picked from commit 63522f28)

Edited Aug 18, 2023 by Simon McVittie

[1.14] bus: Don't crash if bus_context_create_client_policy() fails

Merge request reports