Fix use-after-free in hash implementation. If a value is added to the hash under a key that already exists the new value replaces the old value for that key. Since key can be a pointer to data that is part of value and freed by hash->free_value(), the key must be also replaced and not only the value. Otherwise key potentially points to freed data.

commit: 86e19e9acd62e5729fa66e850fd13df991ae7fca [log] [tgz]
author: Lukas Anzinger <lukas@lukasanzinger.at> Sun May 18 18:40:19 2014 +0200
committer: Lucas De Marchi <lucas.demarchi@intel.com> Sun May 18 16:04:50 2014 -0300
tree: 77b1e642a7ffbcc1d825cee13ffcdf975c838536
parent: 30bfd48aeffa6465d2de0e927cdfc6205c1f1fd2 [diff]
diff --git a/libkmod/libkmod-hash.c b/libkmod/libkmod-hash.c
index c751d2d..eb7afb7 100644
--- a/libkmod/libkmod-hash.c
+++ b/libkmod/libkmod-hash.c

@@ -169,6 +169,7 @@
 		if (c == 0) {
 			if (hash->free_value)
 				hash->free_value((void *)entry->value);
+			entry->key = key;
 			entry->value = value;
 			return 0;
 		} else if (c < 0) {
commit	86e19e9acd62e5729fa66e850fd13df991ae7fca	[log] [tgz]
author	Lukas Anzinger <lukas@lukasanzinger.at>	Sun May 18 18:40:19 2014 +0200
committer	Lucas De Marchi <lucas.demarchi@intel.com>	Sun May 18 16:04:50 2014 -0300
tree	77b1e642a7ffbcc1d825cee13ffcdf975c838536
parent	30bfd48aeffa6465d2de0e927cdfc6205c1f1fd2 [diff]