projects / project / uci.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7e01d66) | patch
uci: fix use-after-free uci_add_list
authorJan Venekamp <jan@venekamp.net>
Sun, 20 Nov 2022 01:08:23 +0000 (02:08 +0100)
committerHauke Mehrtens <hauke@hauke-m.de>
Sat, 4 Mar 2023 18:39:32 +0000 (19:39 +0100)
commit47697e6579be2c9f4cfc51eec1d35d453c3c7c5e
tree700e4f7cb3971ac2a08cfa7a8573cca695ed141ctree | snapshot
parent7e01d66d7bec5f9e3694dcad25c472327a0ff352commit | diff
uci: fix use-after-free uci_add_list

When uci_add_list is called with ptr->o set and ptr->option = NULL,
then in uci_expand_ptr ptr->option is set to ptr->o->e.name.
If ptr->o->type is UCI_TYPE_STRING then prev is set to ptr->o.
This will result in use-after-free because ptr->option is used in
the call to uci_add_delta in uci_add_element_list after
uci_free_option(prev).

Signed-off-by: Jan Venekamp <jan@venekamp.net>
list.c diff | blob | history
OpenWrt Unified Configuration Interface