From: Jo-Philipp Wich <jo@mein.io>
Date: Sat, 23 Apr 2016 12:03:50 +0000 (+0200)
Subject: opkg: fix use-after-free with duplicate packages on the command line
X-Git-Tag: v17.01.2~3388
X-Git-Url: http://git.ozo.com/?a=commitdiff_plain;h=4c60a6f803759105d59b3e1fc52a9e37eecd08cd;p=lede-git%2F.git

opkg: fix use-after-free with duplicate packages on the command line

When the same package file is specified multiple times on the opkg install
command line, the name pointer on the argv array becomes stale after the
package structures have been merged, leading to invalid memory accesses
upon install.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---

diff --git a/package/system/opkg/Makefile b/package/system/opkg/Makefile
index 01a7d796de..af4474254e 100644
--- a/package/system/opkg/Makefile
+++ b/package/system/opkg/Makefile
@@ -1,5 +1,6 @@
 #
 # Copyright (C) 2006-2015 OpenWrt.org
+# Copyright (C) 2016 LEDE Project
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -12,7 +13,7 @@ include $(INCLUDE_DIR)/feeds.mk
 PKG_NAME:=opkg
 PKG_REV:=9c97d5ecd795709c8584e972bfdf3aee3a5b846d
 PKG_VERSION:=$(PKG_REV)
-PKG_RELEASE:=12
+PKG_RELEASE:=13
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=$(PKG_REV)
diff --git a/package/system/opkg/patches/270-fix-use-after-free.patch b/package/system/opkg/patches/270-fix-use-after-free.patch
new file mode 100644
index 0000000000..96e24b9456
--- /dev/null
+++ b/package/system/opkg/patches/270-fix-use-after-free.patch
@@ -0,0 +1,11 @@
+--- a/libopkg/opkg_download.c
++++ b/libopkg/opkg_download.c
+@@ -335,7 +335,7 @@ opkg_prepare_url_for_install(const char
+      hash_insert_pkg(pkg, 1);
+ 
+      if (namep) {
+-	  *namep = pkg->name;
++	  *namep = xstrdup(pkg->name);
+      }
+      return 0;
+ }