From e343507bd4cbb2b9cfa58cbc031ccaf2a2dfbf67 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lkundrak@v3.sk>
Date: Wed, 18 Feb 2015 16:04:43 +0100
Subject: [PATCH] linux-platform: dont use-after-free the driver string

==1345== Invalid read of size 1
==1345==    at 0x827DC15: vfprintf (vfprintf.c:1642)
==1345==    by 0x8345D04: __vasprintf_chk (vasprintf_chk.c:66)
==1345==    by 0x7F882DB: vasprintf (stdio2.h:210)
==1345==    by 0x7F882DB: g_vasprintf (gprintf.c:316)
==1345==    by 0x7F6319C: g_strdup_vprintf (gstrfuncs.c:507)
==1345==    by 0x7F63258: g_strdup_printf (gstrfuncs.c:533)
==1345==    by 0x472833: nm_platform_link_to_string (nm-platform.c:2337)
==1345==    by 0x472A05: log_link (nm-platform.c:2754)
==1345==    by 0x9DC5D5F: ffi_call_unix64 (unix64.S:76)
==1345==    by 0x9DC57D0: ffi_call (ffi64.c:525)
==1345==    by 0x7CBA553: g_cclosure_marshal_generic (gclosure.c:1448)
==1345==    by 0x7CB9D34: g_closure_invoke (gclosure.c:768)
==1345==    by 0x7CCB34B: signal_emit_unlocked_R (gsignal.c:3483)
==1345==  Address 0xa91b5a0 is 0 bytes inside a block of size 5 free'd
==1345==    at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1345==    by 0x68E7D6D: link_free_data (link.c:223)
==1345==    by 0x6D47B1F: nl_object_free (object.c:186)
==1345==    by 0x46C31C: put_nl_object (nm-linux-platform.c:222)
==1345==    by 0x46C31C: link_change (nm-linux-platform.c:2354)
==1345==    by 0x46C87F: link_set_user_ipv6ll_enabled (nm-linux-platform.c:2583)
==1345==    by 0x4476C4: set_nm_ipv6ll (nm-device.c:4418)
==1345==    by 0x4476C4: ip6_managed_setup (nm-device.c:7515)
==1345==    by 0x453F12: _set_state_full (nm-device.c:7665)
==1345==    by 0x4B6609: add_device (nm-manager.c:1885)
==1345==    by 0x4B6880: system_create_virtual_device (nm-manager.c:1126)
==1345==    by 0x4B6B40: system_create_virtual_devices (nm-manager.c:1163)
==1345==    by 0x4B6E00: platform_link_added (nm-manager.c:2213)
==1345==    by 0x4B6E00: platform_link_cb (nm-manager.c:2228)
==1345==    by 0x9DC5D5F: ffi_call_unix64 (unix64.S:76)

(cherry picked from commit f93f0e0b15830e4e265ad7b6877407e64f0185f2)
---
 src/platform/nm-linux-platform.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/platform/nm-linux-platform.c b/src/platform/nm-linux-platform.c
index 9d306bf610..de29d034ef 100644
--- a/src/platform/nm-linux-platform.c
+++ b/src/platform/nm-linux-platform.c
@@ -1008,7 +1008,7 @@ init_link (NMPlatform *platform, NMPlatformLink *info, struct rtnl_link *rtnllin
 	if (udev_device) {
 		info->driver = udev_get_driver (platform, udev_device, info->ifindex);
 		if (!info->driver)
-			info->driver = rtnl_link_get_type (rtnllink);
+			info->driver = g_intern_string (rtnl_link_get_type (rtnllink));
 		if (!info->driver)
 			info->driver = ethtool_get_driver (info->name);
 		if (!info->driver)