From: Jo-Philipp Wich <jo@mein.io>
Date: Fri, 10 Feb 2017 10:04:10 +0000 (+0100)
Subject: libopkg: fix use-after-free with duplicate packages on the command line
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=1c02cdf4b0c932edc4180199057416363aa7048a;p=project%2Fopkg-lede.git

libopkg: fix use-after-free with duplicate packages on the command line

When the same package file is specified multiple times on the opkg install
command line, the name pointer on the argv array becomes stale after the
package structures have been merged, leading to invalid memory accesses
upon install.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---

diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index 97e1a84..631bdab 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -335,7 +335,7 @@ opkg_prepare_url_for_install(const char *url, char **namep)
      hash_insert_pkg(pkg, 1);
 
      if (namep) {
-	  *namep = pkg->name;
+	  *namep = xstrdup(pkg->name);
      }
      return 0;
 }