aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2016-04-23 14:03:50 +0200
committerJo-Philipp Wich <jo@mein.io>2016-04-23 14:03:50 +0200
commit4c60a6f803759105d59b3e1fc52a9e37eecd08cd (patch)
tree95778cf7807a5364acac8d5bc205c4f205713c30
parentb9466382b54892c186dea356e701b5ecec86d8aa (diff)
downloadupstream-4c60a6f803759105d59b3e1fc52a9e37eecd08cd.tar.gz
upstream-4c60a6f803759105d59b3e1fc52a9e37eecd08cd.tar.bz2
upstream-4c60a6f803759105d59b3e1fc52a9e37eecd08cd.zip
opkg: fix use-after-free with duplicate packages on the command line
When the same package file is specified multiple times on the opkg install command line, the name pointer on the argv array becomes stale after the package structures have been merged, leading to invalid memory accesses upon install. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r--package/system/opkg/Makefile3
-rw-r--r--package/system/opkg/patches/270-fix-use-after-free.patch11
2 files changed, 13 insertions, 1 deletions
diff --git a/package/system/opkg/Makefile b/package/system/opkg/Makefile
index 01a7d796de..af4474254e 100644
--- a/package/system/opkg/Makefile
+++ b/package/system/opkg/Makefile
@@ -1,5 +1,6 @@
#
# Copyright (C) 2006-2015 OpenWrt.org
+# Copyright (C) 2016 LEDE Project
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
@@ -12,7 +13,7 @@ include $(INCLUDE_DIR)/feeds.mk
PKG_NAME:=opkg
PKG_REV:=9c97d5ecd795709c8584e972bfdf3aee3a5b846d
PKG_VERSION:=$(PKG_REV)
-PKG_RELEASE:=12
+PKG_RELEASE:=13
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=$(PKG_REV)
diff --git a/package/system/opkg/patches/270-fix-use-after-free.patch b/package/system/opkg/patches/270-fix-use-after-free.patch
new file mode 100644
index 0000000000..96e24b9456
--- /dev/null
+++ b/package/system/opkg/patches/270-fix-use-after-free.patch
@@ -0,0 +1,11 @@
+--- a/libopkg/opkg_download.c
++++ b/libopkg/opkg_download.c
+@@ -335,7 +335,7 @@ opkg_prepare_url_for_install(const char
+ hash_insert_pkg(pkg, 1);
+
+ if (namep) {
+- *namep = pkg->name;
++ *namep = xstrdup(pkg->name);
+ }
+ return 0;
+ }