From 4c60a6f803759105d59b3e1fc52a9e37eecd08cd Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Sat, 23 Apr 2016 14:03:50 +0200 Subject: opkg: fix use-after-free with duplicate packages on the command line When the same package file is specified multiple times on the opkg install command line, the name pointer on the argv array becomes stale after the package structures have been merged, leading to invalid memory accesses upon install. Signed-off-by: Jo-Philipp Wich --- package/system/opkg/patches/270-fix-use-after-free.patch | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 package/system/opkg/patches/270-fix-use-after-free.patch (limited to 'package/system/opkg/patches/270-fix-use-after-free.patch') diff --git a/package/system/opkg/patches/270-fix-use-after-free.patch b/package/system/opkg/patches/270-fix-use-after-free.patch new file mode 100644 index 0000000000..96e24b9456 --- /dev/null +++ b/package/system/opkg/patches/270-fix-use-after-free.patch @@ -0,0 +1,11 @@ +--- a/libopkg/opkg_download.c ++++ b/libopkg/opkg_download.c +@@ -335,7 +335,7 @@ opkg_prepare_url_for_install(const char + hash_insert_pkg(pkg, 1); + + if (namep) { +- *namep = pkg->name; ++ *namep = xstrdup(pkg->name); + } + return 0; + } -- cgit v1.2.3