Control: retitle -1 flatpak: segfault when no D-Bus system bus is available
Control: reassign -1 libpolkit-agent-1-0 0.105-18
Control: tags -1 + patch fixed-upstream

On Sat, 23 Feb 2019 at 16:23:20 +0100, Ronny Standtke wrote:
> (flatpak remote-add:9603): GLib-GIO-CRITICAL **:
> g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION
> (connection)' failed
>
> ** (flatpak remote-add:9603): CRITICAL **:
> polkit_authority_register_authentication_agent_with_options_sync:
> assertion 'POLKIT_IS_AUTHORITY (authority)' failed
>
> Segmentation fault

I've encountered this again in a different environment, and it appears
to be a libpolkit-agent-1-0 bug.

A minimal reproducer is to run flatpak with no D-Bus system bus available,
for example by mounting a tmpfs over /run/dbus on an ordinary desktop
system:

    bwrap --dev-bind / / --tmpfs /run/dbus flatpak list --system

resulting in these critical warnings:

    (flatpak list:15619): GLib-GIO-CRITICAL **: 11:45:34.076: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed

    ** (flatpak list:15619): CRITICAL **: 11:45:34.077: polkit_authority_register_authentication_agent_with_options_sync: assertion 'POLKIT_IS_AUTHORITY (authority)' failed

followed by this segmentation fault:

    #0  0x00007f989c459b62 in server_register (server=server@entry=0x55cff362b120, error=error@entry=0x7ffc7a6d95b8) at polkitagentlistener.c:157
    #1  0x00007f989c45a281 in polkit_agent_listener_register_with_options (listener=0x55cff3621d40, flags=POLKIT_AGENT_REGISTER_FLAGS_RUN_IN_THREAD, subject=0x55cff3620900, object_path=<optimized out>, options=<optimized out>, cancellable=0x0, error=0x7ffc7a6d95b8) at polkitagentlistener.c:457
    #2  0x000055cff2067405 in ()
    #3  0x00007f989b82a09b in __libc_start_main (main= 0x55cff2067140, argc=3, argv=0x7ffc7a6d97f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc7a6d97e8) at ../csu/libc-start.c:308

This was fixed in polkit 0.108 with the attached patch, which is
unfortunately missing from what is effectively a Debian fork of polkit
0.105 (in recent versions we have been quite thorough about backporting
bugfixes from 0.11x into 0.105, but some of the older changes have still
not been incorporated).

For post-buster, I think we should probably switch to the latest upstream
versions of polkit; and if the JavaScript policy format is still considered
unacceptable by the Debian polkit maintainers, then we should version the
package as 0.105+mostly0.116 or similar, and apply Debian patches to
disable the JavaScript policy engine and reinstate the old "local
authority" policy engine.

    smcv

>From 44d4126e10515626c520585b9277f7615e0d3bf7 Mon Sep 17 00:00:00 2001 From: Adam Jackson <a...@nwnk.net> Date: Tue, 9 Oct 2012 14:08:24 -0400 Subject: [PATCH] PolkitAgent: Avoid crashing if initializing the server object fails Note that otherwise we return a freed server object. Since later in polkit_agent_listener_register_with_options we check against NULL to determine failure, this makes for sad times later when we call server_free() on it again. Signed-off-by: David Zeuthen <zeut...@gmail.com> Origin: 0.108, commit:59f2d96ce3ac63173669f299a9453a7bf5e70a70 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=55776 Bug-Debian: https://bugs.debian.org/923046 --- src/polkitagent/polkitagentlistener.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/polkitagent/polkitagentlistener.c b/src/polkitagent/polkitagentlistener.c index 718b742..e0b7b57 100644 --- a/src/polkitagent/polkitagentlistener.c +++ b/src/polkitagent/polkitagentlistener.c @@ -257,10 +257,9 @@ server_new (PolkitSubject *subject, if (!server_init_sync (server, cancellable, error)) { server_free (server); - goto out; + return NULL; } - out: return server; } -- 2.20.1
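
Review bot: The failure branch of server_new() now returns NULL after server_free (server), but nothing in the hunk documents that contract. Since the commit message says polkit_agent_listener_register_with_options relies on a NULL check to detect failure, a short comment on server_new() stating "returns NULL on failure, never a freed object" would make the invariant explicit and discourage a later return to a shared exit label. With the old "goto out; ... return server;" path the caller received a non-NULL dangling pointer, which matches frame #0 of the reported backtrace (server_register reached from polkit_agent_listener_register_with_options). It is also worth confirming, outside the lines shown here, that server_init_sync always sets the error it is passed when it returns FALSE, so that callers seeing NULL can report a reason. Removing the now-unused "out:" label in the same hunk is right, since leaving it behind would trigger an unused-label warning.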