File gtk3-gtkmountoperation-avoid-SEGV-after-bad-password-inpu.patch of Package gtk3

From 9f04e534590c515cefeb5e21b77f7a7d748d3643 Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck@suse.com>
Date: Fri, 2 Jun 2023 15:16:58 +0200
Subject: [PATCH] gtkmountoperation: avoid SEGV after bad password input
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

I observed the following nautilus crash below after trying to access an SMB
share and mistyping my password (it also happens if mounting the SMB share
fails for other reasons after entering a password). The crash happens when
the password entry window pops up the second time, in this code path, at
the 7th element of priv->user_widgets:

458	pw_dialog_anonymous_toggled (GtkWidget         *widget,
459	                             GtkMountOperation *operation)
460	{
...
472	  for (l = priv->user_widgets; l != NULL; l = l->next)
473	    {
474	      gtk_widget_set_sensitive (GTK_WIDGET (l->data), !priv->anonymous);
475	    }

The broken element had l->data = 0xaaaaaaaaaaaa, which means the pointer had
been freed.

The broken list entries were at the of the list because when
gtk_mount_operation_ask_password_do_gtk() constucts the pop-up the 2nd time,
it prepends new widgets:

gtk_mount_operation_ask_password_do_gtk()
   table_add_entry
       operation->priv->user_widgets = g_list_prepend (operation->priv->user_widgets, entry);

The problem is that in pw_dialog_got_response(), the widget is destroyed,
which also destroys all child widgets, but the priv->user_widgets list is
neither freed nor set to NULL.

Fix it.

    instance_and_params=instance_and_params@entry=0x7ffd0585dd20) at ../gobject/gsignal.c:3742
    default_user=default_user@entry=0x556964cfd740 "USER", default_domain=default_domain@entry=0x5569654ce990 "DOMAIN", flags=<optimized out>) at gtkmountoperation.c:900
    n_params=<optimized out>, param_types=0x556965007460) at ../gio/gmarshal-internal.c:2254
    arg_message_string=0x556965660ce0 "Authentication Required\nEnter user and password for share “SHARE” on “SERVER”:", arg_default_user=0x55696535e310 "USER",
    arg_default_domain=0x55696505b820 "DOMAIN", arg_flags_as_int=31, data=0x556964d757f0) at ../common/gmountoperationdbus.c:112
    at ../src/x86/ffi64.c:662
--Type <RET> for more, q to quit, c to continue without paging--c
---
 gtk/gtkmountoperation.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/gtk/gtkmountoperation.c b/gtk/gtkmountoperation.c
index 2cf7e75..e6b50c9 100644
--- a/gtk/gtkmountoperation.c
+++ b/gtk/gtkmountoperation.c
@@ -380,6 +380,11 @@ pw_dialog_got_response (GtkDialog         *dialog,
   else
     g_mount_operation_reply (op, G_MOUNT_OPERATION_ABORTED);
 
+  if (priv->user_widgets)
+    {
+      g_list_free (priv->user_widgets);
+      priv->user_widgets = NULL;
+    }
   priv->dialog = NULL;
   g_object_notify (G_OBJECT (op), "is-showing");
   gtk_widget_destroy (GTK_WIDGET (dialog));
-- 
2.40.1