Mike Jumper created GUACAMOLE-1784:
--------------------------------------
Summary: guac_user instances must only be referenced from user
callbacks
Key: GUACAMOLE-1784
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1784
Project: Guacamole
Issue Type: Bug
Components: guacamole-server
Reporter: Mike Jumper
An instance of {{guac_user}} has a lifecycle that may result in that
{{guac_user}} becoming invalid at any moment _except_ within the context of a
callback directly related to that user. The {{guac_client_for_user()}} function
exists to provide a mechanism for referencing a {{guac_user}} without a
corresponding callback, but this call is missing in a few locations, resulting
in potential segfaults.
For example:
{code:c}
static void guac_rdp_audio_buffer_ack(guac_rdp_audio_buffer* audio_buffer,
const char* message, guac_protocol_status status) {
guac_user* user = audio_buffer->user;
guac_stream* stream = audio_buffer->stream;
...
guac_protocol_send_ack(user->socket, stream, message, status);
...
}
{code}
The above is incorrect because {{user->socket}} is being accessed outside a
user-related callback and without using {{{}guac_client_for_user(){}}}. If the
{{user}} turns out to not be valid, this will segfault.
We should fix the above, look through the code for other references to
{{guac_user}} outside a user-related callback, and fix those as well.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
