ubusd: fix incomplete copy of shared buf during queue-ing
author Alexandru Ardelean <ardeleanalex@gmail.com>
Thu, 2 Feb 2017 15:59:49 +0000 (17:59 +0200)
committer Felix Fietkau <nbd@nbd.name>
Tue, 7 Feb 2017 09:45:14 +0000 (10:45 +0100)
For a shared ubus_msg_buf, the ubus_msg_ref function will
create a copy for queue-ing.

Problem is, that during the dequeue (especially) in client_cb,
the header is 0-ed (because it was a newly alloc-ed buffer).

And during ubus_msg_writev(), the header info will be ignored
by the client.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
ubusd.c

diff --git a/ubusd.c b/ubusd.c
index 5409b7f6ae57335423014d6aae0a7ee7650b3816..f060b380ce4fd442f1d160a0ab383b67fcffe5b8 100644 (file)
--- a/ubusd.c
+++ b/ubusd.c
 
 static struct ubus_msg_buf *ubus_msg_ref(struct ubus_msg_buf *ub)
 {
-       if (ub->refcount == ~0)
-               return ubus_msg_new(ub->data, ub->len, false);
+       struct ubus_msg_buf *new_ub;
+       if (ub->refcount == ~0) {
+               new_ub = ubus_msg_new(ub->data, ub->len, false);
+               if (!new_ub)
+                       return NULL;
+               memcpy(&new_ub->hdr, &ub->hdr, sizeof(struct ubus_msghdr));
+               new_ub->fd = ub->fd;
+               return new_ub;
+       }
 
        ub->refcount++;
        return ub;
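Review bot: in the copy path, `new_ub->fd = ub->fd;` hands the same descriptor value to two buffers without dup(); confirm that whatever frees the queued copy does not close the fd that the shared original still owns, otherwise the descriptor is closed twice once both buffers are released. The `memcpy(&new_ub->hdr, &ub->hdr, sizeof(struct ubus_msghdr));` line is the right fix for the zeroed header, but it is easy for a future caller of `ubus_msg_new()` to forget; consider having `ubus_msg_new()` accept the header (or documenting that it leaves `hdr` zeroed) so the copy of header and fd lives in one place. The new `if (!new_ub) return NULL;` check is sound, since the old code already returned the result of `ubus_msg_new()` unchecked, but a one-line comment that NULL means the queue step failed would help the callers that now see it explicitly.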