xbps: merge another patch from master to fix a user-after-free.

This commit is contained in:
Juan RP 2013-03-26 10:50:27 +01:00
parent b4b839d8b1
commit d12963549e
2 changed files with 31 additions and 1 deletions

View file

@ -0,0 +1,30 @@
From 7c4f20ba89bee94b5259df3b0b1af0bb1deeab0a Mon Sep 17 00:00:00 2001
From: Juan RP <xtraeme@gmail.com>
Date: Tue, 26 Mar 2013 10:35:20 +0100
Subject: [PATCH] lib/transaction_commit.c: fix a use-after-free in state cb
(found by ojab).
---
lib/transaction_commit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/transaction_commit.c b/lib/transaction_commit.c
index dd148b0..e1edf7b 100644
--- lib/transaction_commit.c
+++ lib/transaction_commit.c
@@ -88,11 +88,11 @@ check_binpkgs_hash(struct xbps_handle *xhp, prop_object_iterator_t iter)
rv = xbps_file_hash_check(binfile, sha256);
if (rv != 0) {
free(binfile);
- free(filen);
xbps_set_cb_state(xhp, XBPS_STATE_VERIFY_FAIL,
rv, pkgver,
"Failed to verify `%s' package integrity: %s",
filen, strerror(rv));
+ free(filen);
break;
}
free(binfile);
--
1.8.2

View file

@ -1,7 +1,7 @@
# Template file for 'xbps'
pkgname=xbps
version=0.22
revision=2
revision=3
build_style=configure
configure_args="--prefix=/ --exec-prefix=/usr --sbindir=/usr/sbin
--enable-static --enable-debug --enable-tests"