diff options
author | Khem Raj <raj.khem@gmail.com> | 2013-11-11 20:15:53 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-12-12 17:00:15 +0000 |
commit | 75cf26a02f72357533c42ceddbb24daa1d45185f (patch) | |
tree | 066877af7ded6ab74477bbe6145ad7dcca2459eb /meta/recipes-support/libnl/libnl | |
parent | ff80e69648d062a3ad2935536cb6683243f8a6c2 (diff) | |
download | poky-75cf26a02f72357533c42ceddbb24daa1d45185f.tar.gz |
libnl: Fix random segfaults due to memory corruption
This is a backport from upstream fixes a severe problem
w.r.t memory management, where it would result in random
segfaults in applications depending on libnl
(From OE-Core rev: c3fb18aac0de49dc3113296699d95be298d98140)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/libnl/libnl')
-rw-r--r-- | meta/recipes-support/libnl/libnl/0001-fix-double-free-caused-by-freeing-link-af_data-in-rt.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-support/libnl/libnl/0001-fix-double-free-caused-by-freeing-link-af_data-in-rt.patch b/meta/recipes-support/libnl/libnl/0001-fix-double-free-caused-by-freeing-link-af_data-in-rt.patch new file mode 100644 index 0000000000..6d2c8ff72d --- /dev/null +++ b/meta/recipes-support/libnl/libnl/0001-fix-double-free-caused-by-freeing-link-af_data-in-rt.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | From 6f37b439af7e96104aadd8ec3ae8d3882df8d102 Mon Sep 17 00:00:00 2001 | ||
2 | From: Jiri Pirko <jiri@resnulli.us> | ||
3 | Date: Wed, 21 Aug 2013 14:40:34 +0200 | ||
4 | Subject: [PATCH] fix double free caused by freeing link af_data in | ||
5 | rtnl_link_set_family() | ||
6 | |||
7 | Introduced by commit 8026fe2e3a9089eff3f5a06ee6e3cc78d96334ed ("link: | ||
8 | Free and realloc af specific data upon rtnl_link_set_family()") | ||
9 | |||
10 | link->l_af_data[link->l_af_ops->ao_family] is freed here but not set to | ||
11 | zero. That leads to double free made by link_free_data->do_foreach_af. | ||
12 | |||
13 | Fix this by setting link->l_af_data[link->l_af_ops->ao_family] to zero | ||
14 | rigth after free. | ||
15 | |||
16 | Signed-off-by: Jiri Pirko <jiri@resnulli.us> | ||
17 | Signed-off-by: Thomas Graf <tgraf@suug.ch> | ||
18 | --- | ||
19 | lib/route/link.c | 4 +++- | ||
20 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
21 | |||
22 | diff --git a/lib/route/link.c b/lib/route/link.c | ||
23 | index a73e1db..0bb90a0 100644 | ||
24 | --- a/lib/route/link.c | ||
25 | +++ b/lib/route/link.c | ||
26 | @@ -1762,9 +1762,11 @@ void rtnl_link_set_family(struct rtnl_link *link, int family) | ||
27 | link->l_family = family; | ||
28 | link->ce_mask |= LINK_ATTR_FAMILY; | ||
29 | |||
30 | - if (link->l_af_ops) | ||
31 | + if (link->l_af_ops) { | ||
32 | af_free(link, link->l_af_ops, | ||
33 | link->l_af_data[link->l_af_ops->ao_family], NULL); | ||
34 | + link->l_af_data[link->l_af_ops->ao_family] = NULL; | ||
35 | + } | ||
36 | |||
37 | link->l_af_ops = af_lookup_and_alloc(link, family); | ||
38 | } | ||
39 | -- | ||
40 | 1.8.4 | ||
41 | |||