From: Simon McVittie <smcv@collabora.com>
Date: Fri, 17 Aug 2018 14:33:10 +0000 (+0100)
Subject: bus_driver_handle_become_monitor: Don't leak zero-length array of rules
X-Git-Tag: dbus-1.13.8~29^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5accf42aabb94e88a02bd27858ce829cd870818b;p=thirdparty%2Fdbus.git

bus_driver_handle_become_monitor: Don't leak zero-length array of rules

Only privileged users can trigger this leak, so it is not a denial of
service attack.

Signed-off-by: Simon McVittie <smcv@collabora.com>
---

diff --git a/bus/driver.c b/bus/driver.c
index 8015f28ba..9b3e43eeb 100644
--- a/bus/driver.c
+++ b/bus/driver.c
@@ -2258,6 +2258,7 @@ bus_driver_handle_become_monitor (DBusConnection *connection,
   /* Special case: a zero-length array becomes [""] */
   if (n_match_rules == 0)
     {
+      dbus_free (match_rules);
       match_rules = dbus_malloc (2 * sizeof (char *));
 
       if (match_rules == NULL)