    DBusNonceFile: Don't rely on caller preallocating the object · 010223b6
    Simon McVittie authored
    If we combine the dbus_new0, populating the DBusString members and the
    actual creation of the file, RAII-style, then we never need to worry
    about a partially-initialized or uninitialized DBusNonceFile becoming
    visible to a caller.
    
    Similarly, if we combine deletion of the file, freeing of the
    DBusString members, freeing the structure and clearing the pointer to
    the structure, then we can never be in an inconsistent situation,
    except during the actual implementation of _dbus_noncefile_delete().
    
    Note that there are two implementations each of
    _dbus_noncefile_create() and _dbus_noncefile_delete(). This is because
    on Unix we must use a subdirectory of _dbus_get_tmpdir() (the nonce
    filename is not created atomically, so that would not be safe), while
    on Windows we use the directory directly (the Windows temp directory
    is private to a user, so this is OK).
    Signed-off-by: Simon McVittie <smcv@collabora.com>
    Reviewed-by: Philip Withnall <withnall@endlessm.com>
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103597
dbus-nonce.h 2.27 KB
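The create/delete pairing the commit message describes, as an added illustration that is not dbus's own code: a hypothetical `ExampleNonceFile` (standing in for `DBusNonceFile`) is allocated, populated and backed by a file inside one function, and torn down, freed and its caller's pointer cleared inside one other function, so no half-built object is ever visible. It assumes a Unix-style private subdirectory under `/tmp` (the Unix branch the message mentions) and `/dev/urandom` for the nonce bytes; the failure path of create reuses the delete routine, which is the property the message is after.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

#define NONCE_LEN 16
#define DIR_TEMPLATE "/tmp/nonce-example-XXXXXX"   /* hypothetical location */

/* Hypothetical stand-in for DBusNonceFile; callers only ever hold a pointer
 * to a fully constructed instance, or NULL. */
typedef struct {
    char dir[sizeof DIR_TEMPLATE];                /* "" until mkdtemp succeeds */
    char path[sizeof DIR_TEMPLATE + sizeof "/nonce"]; /* "<dir>/nonce" */
} ExampleNonceFile;

/* Delete the file, remove the directory, free the struct and clear the
 * caller's pointer in one step. Safe to call on a partially built object
 * (unlink/rmdir of something never created just fails harmlessly). */
void example_noncefile_delete(ExampleNonceFile **f_p)
{
    ExampleNonceFile *f = *f_p;
    if (f == NULL)
        return;
    if (f->path[0] != '\0')
        unlink(f->path);
    if (f->dir[0] != '\0')
        rmdir(f->dir);
    free(f);
    *f_p = NULL;
}

/* Allocate, populate and create the backing file in one step. Returns 1 and
 * stores the object in *out_p on success; on failure returns 0, leaves *out_p
 * untouched and leaves nothing allocated or on disk. */
int example_noncefile_create(ExampleNonceFile **out_p)
{
    unsigned char nonce[NONCE_LEN];
    ExampleNonceFile *f = calloc(1, sizeof *f);   /* zeroed: dir/path are "" */
    FILE *rnd = NULL;
    int fd = -1;

    if (f == NULL)
        return 0;
    /* Private 0700 subdirectory: the nonce file itself is not created
     * atomically, so it must live somewhere other users cannot reach. */
    strcpy(f->dir, DIR_TEMPLATE);
    if (mkdtemp(f->dir) == NULL) {
        f->dir[0] = '\0';
        goto fail;
    }
    snprintf(f->path, sizeof f->path, "%s/nonce", f->dir);

    rnd = fopen("/dev/urandom", "rb");
    if (rnd == NULL || fread(nonce, 1, NONCE_LEN, rnd) != NONCE_LEN)
        goto fail;
    fclose(rnd);
    rnd = NULL;

    /* O_EXCL: never reuse or follow anything already at that path */
    fd = open(f->path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, nonce, NONCE_LEN) != NONCE_LEN)
        goto fail;
    close(fd);
    *out_p = f;
    return 1;

fail:
    if (rnd != NULL)
        fclose(rnd);
    if (fd >= 0)
        close(fd);
    example_noncefile_delete(&f);   /* the one teardown path; sets f = NULL */
    return 0;
}

/* Exercises the invariants: a created object is complete (regular file,
 * mode 0600, NONCE_LEN bytes) and deletion removes it and clears the pointer. */
int example_noncefile_selftest(void)
{
    ExampleNonceFile *f = NULL;
    char path[sizeof ((ExampleNonceFile *)0)->path];
    struct stat st;

    example_noncefile_delete(&f);          /* deleting NULL must be a no-op */
    if (f != NULL || !example_noncefile_create(&f) || f == NULL)
        return 0;
    if (stat(f->path, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_mode & 0777) != 0600 || st.st_size != NONCE_LEN) {
        example_noncefile_delete(&f);
        return 0;
    }
    strcpy(path, f->path);
    example_noncefile_delete(&f);
    return f == NULL && access(path, F_OK) != 0;
}

int main(void)
{
    printf("selftest %s\n", example_noncefile_selftest() ? "passed" : "failed");
    return 0;
}
```

Because `example_noncefile_create` only assigns `*out_p` as its last action, a caller that initialises its pointer to NULL can always pass it to `example_noncefile_delete` afterwards, whether or not create succeeded; that is the caller-side simplification the commit message is describing.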