aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-core/swupd-server/swupd-server/0005-xattrs.c-Avoid-freeing-dangling-pointers.patch
blob: 07068622431d06c76a8cbade071843dabd97e942 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
From 5a061a5d332e11fa55ea2ecd68554e77c2bbc36e Mon Sep 17 00:00:00 2001
From: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Date: Mon, 14 Mar 2016 16:44:00 +0200
Subject: [PATCH] xattrs.c: Avoid freeing dangling pointers

It may happen that in a new version of a file xattrs
get added or removed. In this case one of the xattr
strings points to the bogus 0xdeadcafe address.
In order to avoid freeing the dangling pointer check
the length of the xattr string.

Upstream-Status: Backport [v2.54+]

Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
---
 src/xattrs.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/xattrs.c b/src/xattrs.c
index bf7256c..16905bd 100644
--- a/src/xattrs.c
+++ b/src/xattrs.c
@@ -242,8 +242,8 @@ int xattrs_compare(const char *filename1, const char *filename2)
 {
 	char *new_xattrs;
 	char *old_xattrs;
-	size_t new_xattrs_len;
-	size_t old_xattrs_len;
+	size_t new_xattrs_len = 0;
+	size_t old_xattrs_len = 0;
 	int ret = 0;
 
 	xattrs_get_blob(filename1, &old_xattrs, &old_xattrs_len);
@@ -258,8 +258,10 @@ int xattrs_compare(const char *filename1, const char *filename2)
 		ret = -1;
 	}
 
-	free(old_xattrs);
-	free(new_xattrs);
+	if (old_xattrs_len)
+		free(old_xattrs);
+	if (new_xattrs_len)
+		free(new_xattrs);
 
 	return ret;
 }
-- 
2.5.0