Hi Daniel, Yousong,
thanks for the reporting issue and the proposed patch. I'd prefer to go
with a minimal variant which merely zeroes the flags to avoid touching
too much code.
Imho the current uci_set() behavior of freeing uci_ptr members without
zeroing them is a bug that should be corrected
Hi Daniel,
On Mon, 28 Oct 2019 at 18:32, Daniel Danzberger wrote:
>
> Invalid reuse of pointers from uci_ptr can cause the rcpd to segfault on
> already freed memory.
> This bug could be trigged by calling 'set' with emtpy values on multiple non
> existing or already cleard options.
>
> For
Invalid reuse of pointers from uci_ptr can cause the rcpd to segfault on
already freed memory.
This bug could be trigged by calling 'set' with emtpy values on multiple non
existing or already cleard options.
For example:
ubus call uci set