When developing a C application that updates options with uci_set I
noticed that config files were not getting these updates. I found
that this was due to a use-after-free bug in uci_set.
Looking further at the code I also noticed some other issues. This
patch series contains fixes to these issues as well as some other
improvements.
Jan Venekamp (9):
uci: fix use-after-free uci_set on update option
uci: maintain option position in uci_set
uci: optimize update option in uci_set
uci: fix use-after-free uci_add_list
uci: fix atomicity of uci_add_list
uci: maintain option position in uci_add_list
uci: fix memory leak uci_set on update section
uci: optimize update section in uci_set
uci: macro uci_alloc_element not in uci.h
list.c | 168 ++++++++++++--------------
tests/shunit2/tests.d/090_cli_options | 8 +-
uci.h | 10 --
uci_internal.h | 3 +
4 files changed, 87 insertions(+), 102 deletions(-)
Interdiff against v1:
diff --git a/list.c b/list.c
index 89c70f0..1640213 100644
--- a/list.c
+++ b/list.c
@@ -734,10 +734,10 @@ int uci_set(struct uci_context *ctx, struct uci_ptr *ptr)
strcpy(ptr->s->type, ptr->value);
} else {
struct uci_section *old = ptr->s;
- ptr->s = uci_alloc_section(ptr->p, ptr->value,
ptr->section, &old->e.list);
+ ptr->s = uci_alloc_section(ptr->p, ptr->value,
old->e.name, &old->e.list);
uci_section_transfer_options(ptr->s, old);
if (ptr->section == old->e.name)
- ptr->section = ptr->o->e.name;
+ ptr->section = ptr->s->e.name;
uci_free_section(old);
ptr->s->package->n_section--;
ptr->last = &ptr->s->e;
--
2.32.0 (Apple Git-132)
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
