From 0a901c71f5ca6c6656fe7d4f2baa813eda791a46 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 9 Aug 2023 10:51:19 +0200
Subject: [PATCH 1/2] polkit: use LIST_POP where appropriate

---
 src/shared/bus-polkit.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index b7f7c2b47aa..383ebd9edef 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -220,10 +220,8 @@ static AsyncPolkitQuery *async_polkit_query_free(AsyncPolkitQuery *q) {
 
         sd_event_source_disable_unref(q->defer_event_source);
 
-        while ((a = q->authorized_actions)) {
-                LIST_REMOVE(authorized, q->authorized_actions, a);
+        while ((a = LIST_POP(authorized, q->authorized_actions)))
                 async_polkit_query_action_free(a);
-        }
 
         async_polkit_query_action_free(q->denied_action);
         async_polkit_query_action_free(q->error_action);

From c1b2e1a89a54dc5ec51f5f1c6257a2956782b296 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 9 Aug 2023 10:51:40 +0200
Subject: [PATCH 2/2] polkit: move asserts up, so that they cover all reply
 codepaths

---
 src/shared/bus-polkit.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index 383ebd9edef..0ae0073a821 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -253,6 +253,11 @@ static int async_polkit_read_reply(sd_bus_message *reply, AsyncPolkitQuery *q) {
         assert(reply);
         assert(q);
 
+        /* Processing of a PolicyKit checks is canceled on the first auth. error. */
+        assert(!q->denied_action);
+        assert(!q->error_action);
+        assert(!sd_bus_error_is_set(&q->error));
+
         assert(q->action);
         a = TAKE_PTR(q->action);
 
@@ -270,7 +275,6 @@ static int async_polkit_read_reply(sd_bus_message *reply, AsyncPolkitQuery *q) {
 
                 /* Treat no PK available as access denied */
                 q->denied_action = TAKE_PTR(a);
-
                 return 0;
         }
 
@@ -280,12 +284,6 @@ static int async_polkit_read_reply(sd_bus_message *reply, AsyncPolkitQuery *q) {
         if (r < 0)
                 return r;
 
-        /* It's currently expected that processing of a DBus message shall be interrupted on the first
-         * auth. error */
-        assert(!q->denied_action);
-        assert(!q->error_action);
-        assert(!sd_bus_error_is_set(&q->error));
-
         if (authorized)
                 LIST_PREPEND(authorized, q->authorized_actions, TAKE_PTR(a));
         else if (challenge) {