From 05e5fc24b0f803098c1d05dae86f5eb05bd0c2a4 Mon Sep 17 00:00:00 2001
From: Rui Matos <tiagomatos@gmail.com>
Date: Sun, 15 Nov 2015 14:07:53 -0500
Subject: session: Cancel worker proxy async ops when freeing conversations

We need to cancel ongoing async ops for worker proxies when freeing
conversations or we'll crash when the completion handler runs and we
access free'd memory.

https://bugzilla.gnome.org/show_bug.cgi?id=758032

---

From 5ac224602f1d603aac5eaa72e1760d3e33a26f0a Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Fri, 13 Nov 2015 11:14:59 -0500
Subject: session: disconnect signals from worker proxy when conversation is
 freed

We don't want an outstanding reference on the worker proxy to lead to
signal handlers getting dispatched after the conversation is freed.

https://bugzilla.gnome.org/show_bug.cgi?id=758032

---


--- daemon/gdm-session.c.orig	2015-11-18 10:47:55.522178000 +0100
+++ daemon/gdm-session.c	2015-11-18 10:48:00.450095000 +0100
@@ -73,6 +73,7 @@ typedef struct
         GDBusMethodInvocation *pending_invocation;
         GdmDBusWorkerManager  *worker_manager_interface;
         GdmDBusWorker         *worker_proxy;
+        GCancellable          *worker_cancellable;
         char                  *session_id;
         guint32                is_stopping : 1;
 
@@ -1031,6 +1032,8 @@ register_worker (GdmDBusWorkerManager  *
 
         g_dbus_proxy_set_default_timeout (G_DBUS_PROXY (conversation->worker_proxy), G_MAXINT);
 
+        conversation->worker_cancellable = g_cancellable_new ();
+
         g_signal_connect (conversation->worker_proxy,
                           "username-changed",
                           G_CALLBACK (worker_on_username_changed), conversation);
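Review bot: The assignment to `worker_cancellable` in register_worker overwrites whatever the field held without releasing it, and nothing at the assignment says who cancels it. If register_worker can run more than once for the same conversation (not visible here, since the function starts and ends outside the hunk), the earlier GCancellable would leak. Putting `g_clear_object (&conversation->worker_cancellable);` before the `g_cancellable_new ()` call would make that safe. A short comment would also help, for example `/* cancelled in close_conversation() so pending worker calls cannot complete against a freed conversation */`.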
@@ -1666,7 +1669,28 @@ free_conversation (GdmSessionConversatio
         g_free (conversation->starting_username);
         g_free (conversation->session_id);
         g_clear_object (&conversation->worker_manager_interface);
-        g_clear_object (&conversation->worker_proxy);
+
+        if (conversation->worker_proxy != NULL) {
+                g_signal_handlers_disconnect_by_func (conversation->worker_proxy,
+                                                      G_CALLBACK (worker_on_username_changed),
+                                                      conversation);
+                g_signal_handlers_disconnect_by_func (conversation->worker_proxy,
+                                                      G_CALLBACK (worker_on_session_exited),
+                                                      conversation);
+                g_signal_handlers_disconnect_by_func (conversation->worker_proxy,
+                                                      G_CALLBACK (worker_on_reauthenticated),
+                                                      conversation);
+                g_signal_handlers_disconnect_by_func (conversation->worker_proxy,
+                                                      G_CALLBACK (worker_on_saved_language_name_read),
+                                                      conversation);
+                g_signal_handlers_disconnect_by_func (conversation->worker_proxy,
+                                                      G_CALLBACK (worker_on_saved_session_name_read),
+                                                      conversation);
+                g_signal_handlers_disconnect_by_func (conversation->worker_proxy,
+                                                      G_CALLBACK (worker_on_cancel_pending_query),
+                                                      conversation);
+                g_clear_object (&conversation->worker_proxy);
+        }
         g_clear_object (&conversation->session);
         g_free (conversation);
 }
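Review bot: free_conversation never cancels or unrefs `worker_cancellable`; in this patch that happens only in close_conversation, although the commit subject describes cancellation on free. If a conversation can reach this function without close_conversation having run (the top of the function is outside the hunk, so this may already be guaranteed), pending calls keep `conversation` as user_data after `g_free (conversation)` and the GCancellable leaks. Adding `g_cancellable_cancel (conversation->worker_cancellable);` and `g_clear_object (&conversation->worker_cancellable);` before the disconnect block would close that gap; both are harmless when the field is already NULL. The six explicit disconnects also have to stay in step with the handlers connected in register_worker, whereas `g_signal_handlers_disconnect_by_data (conversation->worker_proxy, conversation);` removes everything registered with this conversation in one call.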
@@ -1828,6 +1852,9 @@ close_conversation (GdmSessionConversati
                 g_clear_object (&conversation->worker_manager_interface);
         }
 
+        g_cancellable_cancel (conversation->worker_cancellable);
+        g_clear_object (&conversation->worker_cancellable);
+
         if (conversation->worker_proxy != NULL) {
                 GDBusConnection *connection = g_dbus_proxy_get_connection (G_DBUS_PROXY (conversation->worker_proxy));
                 g_dbus_connection_close_sync (connection, NULL, NULL);
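Review bot: Cancelling the GCancellable in close_conversation does not stop the completion callbacks from running: GIO still invokes each GAsyncReadyCallback later from the main loop, with G_IO_ERROR_CANCELLED and the same `conversation` user_data. The use-after-free fix therefore only holds if every callback passed at the call sites below (on_setup_complete_cb, on_authenticate_cb, on_authorize_cb, on_establish_credentials_cb, on_opened, on_start_program_cb, on_reauthentication_started_cb) returns before touching `conversation` when the finish call reports cancellation. Those callbacks are not part of this diff, so this should be confirmed; the guard would look like `if (g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) { g_error_free (error); return; }`. close_conversation continues past the end of the hunk.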
@@ -1996,7 +2023,7 @@ send_setup (GdmSession *self,
                                             display_hostname,
                                             self->priv->display_is_local,
                                             self->priv->display_is_initial,
-                                            NULL,
+                                            conversation->worker_cancellable,
                                             (GAsyncReadyCallback) on_setup_complete_cb,
                                             conversation);
         }
@@ -2062,7 +2089,7 @@ send_setup_for_user (GdmSession *self,
                                                      display_hostname,
                                                      self->priv->display_is_local,
                                                      self->priv->display_is_initial,
-                                                     NULL,
+                                                     conversation->worker_cancellable,
                                                      (GAsyncReadyCallback) on_setup_complete_cb,
                                                      conversation);
         }
@@ -2124,7 +2151,7 @@ send_setup_for_program (GdmSession *self
                                                         self->priv->display_is_local,
                                                         self->priv->display_is_initial,
                                                         log_file,
-                                                        NULL,
+                                                        conversation->worker_cancellable,
                                                         (GAsyncReadyCallback) on_setup_complete_cb,
                                                         conversation);
         }
@@ -2182,7 +2209,7 @@ gdm_session_authenticate (GdmSession *se
         conversation = find_conversation_by_name (self, service_name);
         if (conversation != NULL) {
                 gdm_dbus_worker_call_authenticate (conversation->worker_proxy,
-                                                   NULL,
+                                                   conversation->worker_cancellable,
                                                    (GAsyncReadyCallback) on_authenticate_cb,
                                                    conversation);
         }
@@ -2199,7 +2226,7 @@ gdm_session_authorize (GdmSession *self,
         conversation = find_conversation_by_name (self, service_name);
         if (conversation != NULL) {
                 gdm_dbus_worker_call_authorize (conversation->worker_proxy,
-                                                NULL,
+                                                conversation->worker_cancellable,
                                                 (GAsyncReadyCallback) on_authorize_cb,
                                                 conversation);
         }
@@ -2216,7 +2243,7 @@ gdm_session_accredit (GdmSession *self,
         conversation = find_conversation_by_name (self, service_name);
         if (conversation != NULL) {
                 gdm_dbus_worker_call_establish_credentials (conversation->worker_proxy,
-                                                            NULL,
+                                                            conversation->worker_cancellable,
                                                             (GAsyncReadyCallback) on_establish_credentials_cb,
                                                             conversation);
         }
@@ -2230,7 +2257,8 @@ send_environment_variable (const char   
 {
         gdm_dbus_worker_call_set_environment_variable (conversation->worker_proxy,
                                                        key, value,
-                                                       NULL, NULL, NULL);
+                                                       conversation->worker_cancellable,
+                                                       NULL, NULL);
 }
 
 static void
@@ -2418,7 +2446,8 @@ send_display_mode (GdmSession *self,
         mode = gdm_session_get_display_mode (self);
         gdm_dbus_worker_call_set_session_display_mode (conversation->worker_proxy,
                                                        gdm_session_display_mode_to_string (mode),
-                                                       NULL, NULL, NULL);
+                                                       conversation->worker_cancellable,
+                                                       NULL, NULL);
 }
 
 static void
@@ -2434,7 +2463,8 @@ send_session_type (GdmSession *self,
         gdm_dbus_worker_call_set_environment_variable (conversation->worker_proxy,
                                                        "XDG_SESSION_TYPE",
                                                        session_type,
-                                                       NULL, NULL, NULL);
+                                                       conversation->worker_cancellable,
+                                                       NULL, NULL);
 }
 
 void
@@ -2452,7 +2482,7 @@ gdm_session_open_session (GdmSession *se
                 send_session_type (self, conversation);
 
                 gdm_dbus_worker_call_open (conversation->worker_proxy,
-                                           NULL,
+                                           conversation->worker_cancellable,
                                            (GAsyncReadyCallback) on_opened, conversation);
         }
 }
@@ -2638,7 +2668,7 @@ gdm_session_start_session (GdmSession *s
 
         gdm_dbus_worker_call_start_program (conversation->worker_proxy,
                                             program,
-                                            NULL,
+                                            conversation->worker_cancellable,
                                             (GAsyncReadyCallback) on_start_program_cb,
                                             conversation);
         g_free (program);
@@ -2770,7 +2800,7 @@ gdm_session_start_reauthentication (GdmS
         gdm_dbus_worker_call_start_reauthentication (conversation->worker_proxy,
                                                      (int) pid_of_caller,
                                                      (int) uid_of_caller,
-                                                     NULL,
+                                                     conversation->worker_cancellable,
                                                      (GAsyncReadyCallback) on_reauthentication_started_cb,
                                                      conversation);
 }
@@ -3032,7 +3062,8 @@ gdm_session_select_session (GdmSession *
 
                 gdm_dbus_worker_call_set_session_name (conversation->worker_proxy,
                                                        get_session_name (self),
-                                                       NULL, NULL, NULL);
+                                                       conversation->worker_cancellable,
+                                                       NULL, NULL);
         }
 }
 
