projects / project / ubus.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5db90db) | patch
ubusd: replace ubusd_msg_unshare() with ubus_msg_new() to prevent invalid free-ing
authorAlexandru Ardelean <ardeleanalex@gmail.com>
Fri, 27 Jun 2014 16:11:43 +0000 (19:11 +0300)
committerFelix Fietkau <nbd@openwrt.org>
Thu, 3 Jul 2014 10:45:49 +0000 (12:45 +0200)
commit996e16b2cb79ae3e46742285ee2728f3a166b42a
tree5bf1e42bc4c88e1a75186500104f0958fc0f383dtree | snapshot
parent5db90dbc941da701c397b04ddce2515a231df59bcommit | diff
ubusd: replace ubusd_msg_unshare() with ubus_msg_new() to prevent invalid free-ing

The realloc is problematic mostly with large packets, as the pointer changes
so what eventually gets free'd is invalid.
Note that ub ptr param in the  call will be passed on to a ubus_msg_free(),
right after ubus_msg_ref() finishes.

This bug stayed hidden the same way as the bug in libubus writev_retry().
Since the write/sendmsg function can send about ~200k the ubus_msg_enqueue()
call does not get triggered.
ubusd.c diff | blob | history
OpenWrt system message/RPC bus