nevaforget/moonlock
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: audit fixes — double-unlock guard, PAM OOM code, GPU blur, async fp stop (v0.5.1)

Browse Source 
Security: prevent double unlock() when PAM and fingerprint succeed
simultaneously (ext-session-lock protocol error). Fix PAM callback
returning PAM_AUTH_ERR instead of PAM_BUF_ERR on calloc OOM.

Performance: replace CPU-side Gaussian blur (image crate) with GPU blur
via GskBlurNode + GskRenderer::render_texture(). Eliminates 500ms-2s
main-thread blocking on cold cache for 4K wallpapers. Remove image and
dirs dependencies (~15 transitive crates). Make fingerprint stop()
fire-and-forget async to avoid 6s UI block after successful auth.
This commit is contained in:
nevaforget
2026-03-28 22:06:38 +01:00
parent 48706e5a29
commit 4026f6dafa
8 changed files with 87 additions and 447 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/fingerprint.rs
+11 -15
View File
@@ -290,7 +290,8 @@ impl FingerprintListener {
}
/// Stop listening and release the device.
/// Uses a short timeout (3s) to avoid blocking the UI indefinitely.
/// Signal disconnect is synchronous to prevent further callbacks.
/// D-Bus cleanup (VerifyStop + Release) is fire-and-forget to avoid blocking the UI.
pub fn stop(&mut self) {
if !self.running {
return;
@@ -301,20 +302,15 @@ impl FingerprintListener {
if let Some(id) = self.signal_id.take() {
proxy.disconnect(id);
}
let _ = proxy.call_sync(
"VerifyStop",
None,
gio::DBusCallFlags::NONE,
3000,
gio::Cancellable::NONE,
);
let _ = proxy.call_sync(
"Release",
None,
gio::DBusCallFlags::NONE,
3000,
gio::Cancellable::NONE,
);
let proxy = proxy.clone();
glib::spawn_future_local(async move {
let _ = proxy
.call_future("VerifyStop", None, gio::DBusCallFlags::NONE, 3000)
.await;
let _ = proxy
.call_future("Release", None, gio::DBusCallFlags::NONE, 3000)
.await;
});
}
}