From: Lukas Anzinger <lukas@lukasanzinger.at>
Date: Sun, 18 May 2014 16:40:19 +0000 (+0200)
Subject: Fix use-after-free in hash implementation.
X-Git-Tag: v18~11
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=86e19e9acd62e5729fa66e850fd13df991ae7fca;p=platform%2Fupstream%2Fkmod.git

Fix use-after-free in hash implementation.

If a value is added to the hash under a key that already exists the new value
replaces the old value for that key. Since key can be a pointer to data that
is part of value and freed by hash->free_value(), the key must be also
replaced and not only the value. Otherwise key potentially points to freed data.
---

diff --git a/libkmod/libkmod-hash.c b/libkmod/libkmod-hash.c
index c751d2d..eb7afb7 100644
--- a/libkmod/libkmod-hash.c
+++ b/libkmod/libkmod-hash.c
@@ -169,6 +169,7 @@ int hash_add(struct hash *hash, const char *key, const void *value)
 		if (c == 0) {
 			if (hash->free_value)
 				hash->free_value((void *)entry->value);
+			entry->key = key;
 			entry->value = value;
 			return 0;
 		} else if (c < 0) {