From 86e19e9acd62e5729fa66e850fd13df991ae7fca Mon Sep 17 00:00:00 2001 From: Lukas Anzinger Date: Sun, 18 May 2014 18:40:19 +0200 Subject: [PATCH] Fix use-after-free in hash implementation. If a value is added to the hash under a key that already exists the new value replaces the old value for that key. Since key can be a pointer to data that is part of value and freed by hash->free_value(), the key must be also replaced and not only the value. Otherwise key potentially points to freed data. --- libkmod/libkmod-hash.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libkmod/libkmod-hash.c b/libkmod/libkmod-hash.c index c751d2d..eb7afb7 100644 --- a/libkmod/libkmod-hash.c +++ b/libkmod/libkmod-hash.c @@ -169,6 +169,7 @@ int hash_add(struct hash *hash, const char *key, const void *value) if (c == 0) { if (hash->free_value) hash->free_value((void *)entry->value); + entry->key = key; entry->value = value; return 0; } else if (c < 0) { -- 2.7.4
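Review bot: The added `entry->key = key;` in the `c == 0` branch of hash_add() carries no comment, and the reason for it (the old key may live inside the value that `hash->free_value()` just released) is only recorded in the commit message. A short comment above the assignment stating that the key may be owned by the value and must be replaced together with it would keep a later cleanup from dropping the line as redundant. The branch also still assumes the caller never passes the value that is already stored: if `value == entry->value`, `free_value()` releases it and the entry then holds both a freed value and a freed key, so an early return for that case is worth considering. The diffstat shows one insertion in libkmod/libkmod-hash.c only; a regression test that adds the same key twice with `free_value` set and the key embedded in the value would cover this path.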