projects
/
project
/
opkg-lede.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
fbd8dd1
)
libopkg: fix use-after-free with duplicate packages on the command line
author
Jo-Philipp Wich
<jo@mein.io>
Fri, 10 Feb 2017 10:04:10 +0000
(11:04 +0100)
committer
Jo-Philipp Wich
<jo@mein.io>
Fri, 10 Feb 2017 10:04:10 +0000
(11:04 +0100)
When the same package file is specified multiple times on the opkg install
command line, the name pointer on the argv array becomes stale after the
package structures have been merged, leading to invalid memory accesses
upon install.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
libopkg/opkg_download.c
patch
|
blob
|
history
diff --git
a/libopkg/opkg_download.c
b/libopkg/opkg_download.c
index 97e1a84e5be8238e1f3a1395779a6330cd0e4eef..631bdabd4a3dee974fb54cdf3198a1f583bb4cdf 100644
(file)
--- a/
libopkg/opkg_download.c
+++ b/
libopkg/opkg_download.c
@@
-335,7
+335,7
@@
opkg_prepare_url_for_install(const char *url, char **namep)
hash_insert_pkg(pkg, 1);
if (namep) {
- *namep =
pkg->name
;
+ *namep =
xstrdup(pkg->name)
;
}
return 0;
}