bus: fix memleak on invalid message

Introduced in 6d586a1371. Reported by Felix Riemann in https://bugzilla.redhat.com/show_bug.cgi?id=1685286. Reproducer: for i in `seq 1 100`; do gdbus call --session -d org.freedesktop.systemd1 -m org.freedesktop.systemd1.Manager.StartUnit -o "/$(for x in `seq 0 28000`; do echo -n $x; done)" & done
2019-03-16 23:39:26 +01:00 · 2019-03-16 23:39:26 +01:00 · 3dec520197
parent ebcf697685
commit 3dec520197
1 changed files with 4 additions and 2 deletions
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@ -1132,13 +1132,15 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
                                    bus->fds, bus->n_fds,
                                    NULL,
                                    &t);
-        if (r == -EBADMSG)
+        if (r == -EBADMSG) {
                log_debug_errno(r, "Received invalid message from connection %s, dropping.", strna(bus->description));
-        else if (r < 0) {
+                free(bus->rbuffer); /* We want to drop current rbuffer and proceed with whatever remains in b */
+        } else if (r < 0) {
                free(b);
                return r;
        }

+        /* rbuffer ownership was either transferred to t, or we got EBADMSG and dropped it. */
        bus->rbuffer = b;
        bus->rbuffer_size -= size;