diff options
author | Khem Raj <raj.khem@gmail.com> | 2013-11-11 20:15:53 -0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-11-20 14:02:53 +0000 |
commit | 3c58ea10f90c657d34133d7244a550456bc93cf9 (patch) | |
tree | 872079f0925fdc6f655dda6eedfc50de742b263b | |
parent | 67f44193135c789e478410347ff58ed110ed9484 (diff) | |
download | openembedded-core-3c58ea10f90c657d34133d7244a550456bc93cf9.tar.gz openembedded-core-3c58ea10f90c657d34133d7244a550456bc93cf9.tar.bz2 openembedded-core-3c58ea10f90c657d34133d7244a550456bc93cf9.zip |
libnl: Fix random segfaults due to memory corruption
This is a backport from upstream fixes a severe problem
w.r.t memory management, where it would result in random
segfaults in applications depending on libnl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
-rw-r--r-- | meta/recipes-support/libnl/libnl/0001-fix-double-free-caused-by-freeing-link-af_data-in-rt.patch | 41 | ||||
-rw-r--r-- | meta/recipes-support/libnl/libnl_3.2.22.bb | 4 |
2 files changed, 44 insertions, 1 deletions
diff --git a/meta/recipes-support/libnl/libnl/0001-fix-double-free-caused-by-freeing-link-af_data-in-rt.patch b/meta/recipes-support/libnl/libnl/0001-fix-double-free-caused-by-freeing-link-af_data-in-rt.patch new file mode 100644 index 0000000000..6d2c8ff72d --- /dev/null +++ b/meta/recipes-support/libnl/libnl/0001-fix-double-free-caused-by-freeing-link-af_data-in-rt.patch @@ -0,0 +1,41 @@ +From 6f37b439af7e96104aadd8ec3ae8d3882df8d102 Mon Sep 17 00:00:00 2001 +From: Jiri Pirko <jiri@resnulli.us> +Date: Wed, 21 Aug 2013 14:40:34 +0200 +Subject: [PATCH] fix double free caused by freeing link af_data in + rtnl_link_set_family() + +Introduced by commit 8026fe2e3a9089eff3f5a06ee6e3cc78d96334ed ("link: +Free and realloc af specific data upon rtnl_link_set_family()") + +link->l_af_data[link->l_af_ops->ao_family] is freed here but not set to +zero. That leads to double free made by link_free_data->do_foreach_af. + +Fix this by setting link->l_af_data[link->l_af_ops->ao_family] to zero +rigth after free. + +Signed-off-by: Jiri Pirko <jiri@resnulli.us> +Signed-off-by: Thomas Graf <tgraf@suug.ch> +--- + lib/route/link.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/route/link.c b/lib/route/link.c +index a73e1db..0bb90a0 100644 +--- a/lib/route/link.c ++++ b/lib/route/link.c +@@ -1762,9 +1762,11 @@ void rtnl_link_set_family(struct rtnl_link *link, int family) + link->l_family = family; + link->ce_mask |= LINK_ATTR_FAMILY; + +- if (link->l_af_ops) ++ if (link->l_af_ops) { + af_free(link, link->l_af_ops, + link->l_af_data[link->l_af_ops->ao_family], NULL); ++ link->l_af_data[link->l_af_ops->ao_family] = NULL; ++ } + + link->l_af_ops = af_lookup_and_alloc(link, family); + } +-- +1.8.4 + diff --git a/meta/recipes-support/libnl/libnl_3.2.22.bb b/meta/recipes-support/libnl/libnl_3.2.22.bb index 30f85b2995..3c31b1ac86 100644 --- a/meta/recipes-support/libnl/libnl_3.2.22.bb +++ b/meta/recipes-support/libnl/libnl_3.2.22.bb @@ -12,7 +12,9 @@ DEPENDS = "flex-native bison-native" SRC_URI = "http://www.infradead.org/~tgr/${BPN}/files/${BP}.tar.gz \ file://fix-pktloc_syntax_h-race.patch \ file://fix-pc-file.patch \ - file://fix-lib-cache_mngr.c-two-parentheses-bugs.patch" + file://fix-lib-cache_mngr.c-two-parentheses-bugs.patch \ + file://0001-fix-double-free-caused-by-freeing-link-af_data-in-rt.patch \ + " SRC_URI[md5sum] = "2e1c889494d274aca24ce5f6a748e66e" SRC_URI[sha256sum] = "c7c5f267dfeae0c1a530bf96b71fb7c8dbbb07d54beef49b6712d8d6166f629b" |