On Bug #15589, Scott wrote this useful-looking summary of the bug: > D-Bus relies on the userdb cache being enabled to be able to hold on to user > info structures (which don't have refcounting). > > Test case: > 1) disable the userdb cache > 2) start a minimal dbus server > 3) connect to it _from the same username_ > > The server will have already looked up its own username, and will be holding > on > to the info for that (to compare it against users coming in, I suspect). > > When the new connection comes in, it will look up the username of *that*, > which > will invalidate the existing entry in the hash table. Then when it compares > the new info with the info of its own user, you'll be reading from free'd > memory. > > This could be partially fixed by not putting new info entries into the hash > table, but then there'd be a memory leak for every time you looked one up, > since it won't be clear who owns it.
Dropping priority and severity since this now only happens in a non- default compile-time configuration (you have to disable the userdb cache explicitly). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/128624 Title: dbus-daemon crashed with SIGSEGV in strcmp() To manage notifications about this bug go to: https://bugs.launchpad.net/dbus/+bug/128624/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
