From cc344f1513eeefc555a0e5965ea50cac95fdfe7d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Petr=20=C5=A0tetiar?= Date: Mon, 21 Feb 2022 07:41:05 +0100 Subject: [PATCH] ubus: backport fixes for UAF and other issues MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Backporting following fixes: a72457b61df0 libubus: increase stack depth for processing obj msgs ef038488edc3 libubus: process pending messages in data handler if stack depth is 0 2099bb3ad997 libubus: use list_empty/list_first_entry in ubus_process_pending_msg where at least commit 2099bb3ad997 ("libubus: use list_empty/list_first_entry in ubus_process_pending_msg") fixes UAF issue I've introduced in commit c5f2053dfcfd ("workaround possibly false positive uses of memory after it is freed") while fixing another false positive UAF reported[1] by clang's static analyzer. Those fixes are being used in master/21.02 for about 6 months, so should be tested enough and considered for backporting. I've runtested those fixes on mvebu/turris-omnia and ipq40xx/glinet-b1300 devices. 1. https://openwrt.gitlab.io/-/project/ubus/-/jobs/2096090992/artifacts/build/scan/2022-02-15-150310-70-1/index.html Signed-off-by: Petr Å tetiar --- package/system/ubus/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/system/ubus/Makefile b/package/system/ubus/Makefile index 2c116ae6f8..015d52678f 100644 --- a/package/system/ubus/Makefile +++ b/package/system/ubus/Makefile @@ -5,9 +5,9 @@ PKG_RELEASE:=1 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/ubus.git -PKG_SOURCE_DATE:=2021-07-01 -PKG_SOURCE_VERSION:=38c7fdd8991366cd2f9ccbc47625f9b51b1d318a -PKG_MIRROR_HASH:=5ff9baa2ba3c7b2b53a477ed2a0f3dd8828051389f3d759cf5a694fbccc4c05b +PKG_SOURCE_DATE:=2022-02-21 +PKG_SOURCE_VERSION:=b32a0e17b37847e8357b53a358d1311bfc3ad5d2 +PKG_MIRROR_HASH:=fddf17b1faeb2ab09a3bed2e301a9cc83cb6ceb69af57cd58dc2132b58276f8b PKG_ABI_VERSION:=20210603 CMAKE_INSTALL:=1 -- 2.30.2