From c09e4f06f0f54be8304fb4459445198920fea32e Mon Sep 17 00:00:00 2001
From: Alexandru Ardelean
Date: Thu, 2 Feb 2017 17:59:49 +0200
Subject: [PATCH] ubusd: fix incomplete copy of shared buf during queue-ing

For a shared ubus_msg_buf, the ubus_msg_ref function will create a copy for queue-ing. Problem is, that during the dequeue (especially) in client_cb, the header is 0-ed (because it's was a newly alloc-ed buffer). And during ubus_msg_writev(), the header info will be ignored by the client.

Signed-off-by: Alexandru Ardelean
---
 ubusd.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/ubusd.c b/ubusd.c
index 5409b7f..f060b38 100644
--- a/ubusd.c
+++ b/ubusd.c
@@ -32,8 +32,15 @@ static struct ubus_msg_buf *ubus_msg_ref(struct ubus_msg_buf *ub)
 {
- if (ub->refcount == ~0)
- return ubus_msg_new(ub->data, ub->len, false);
+ struct ubus_msg_buf *new_ub;
+ if (ub->refcount == ~0) {
+ new_ub = ubus_msg_new(ub->data, ub->len, false);
+ if (!new_ub)
+ return NULL;
+ memcpy(&new_ub->hdr, &ub->hdr, sizeof(struct ubus_msghdr));
+ new_ub->fd = ub->fd;
+ return new_ub;
+ }
 ub->refcount++;
 return ub;
--
2.25.1
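Review bot: `new_ub->fd = ub->fd;` in the `refcount == ~0` branch leaves the same descriptor number stored in both the shared buffer and the queued copy, and nothing in the hunk says which of the two owns it. The free path is not visible here; if it closes `fd` on both buffers, the second close could land on a descriptor number that has since been reused for an unrelated connection. Once the intended owner is confirmed, either transfer ownership explicitly or record the invariant next to the assignment, for example `/* queued copy takes over the fd; the shared buffer must not close it */`. Separately, `new_ub->hdr = ub->hdr;` (or `sizeof(new_ub->hdr)` in the `memcpy`) would tie the copy size to the destination field instead of a type name. The function's closing brace lies outside the hunk.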