@@ -277,7 +277,7 @@ blob_parse_untrusted(struct blob_attr *attr, size_t attr_len, struct blob_attr *
return 0;
len = blob_raw_len(attr);
- if (len != attr_len)
+ if (attr_len < len)
return 0;
memset(data, 0, sizeof(struct blob_attr *) * max);
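Review bot: The relaxed check `if (attr_len < len)` no longer bounds `len` from below. Under the old equality, whatever minimum the preceding check (its condition lies above the hunk) puts on `attr_len` also held for `len`; now a length field declaring fewer bytes than a `struct blob_attr` header is accepted whenever the buffer is larger. Because this function parses untrusted input, I would reject that case explicitly with `if (len < sizeof(struct blob_attr) || attr_len < len)` rather than rely on the attribute loop below the hunk, which presumably derives the payload length by subtracting the header size. A short comment such as `/* attr_len may exceed len: trailing bytes (e.g. concatenated blobs) are ignored */` would also record the new contract for callers.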
new file mode 100644
GIT binary patch
literal 516
zcmbu5J(HSH6o!vQcCywMThd#os3@7)LNSVp^5rU0?Cb^Z%7?%exUi(mZu<0T@()s_
z-(r8*qNy^IF4Z~bY2Nd^05t~ye$XgOXqsV%vEwkrQTB;Ry+c&pR>=goWNb9-Bgg5m
zJmz{9vg+Dyvvg5cTVhi>wRLM42qI5f-LXBLQfHVfBGc36LaD7?-?9ic^+IO1Zcxn7
z${A39$F}x*zUj)`fQ;Mffo?hb%Yi8UKr(ux<rt~G+d9+$-o667!Ut;OB!h1N4fuFo
zvy$NIbAZ|lzztmI=;%3*NgQ6_{jbLFKO8?1FTp9wF8txU*nb8H;fheJ@;bwRxJ$8(
zj*LaUqjR?ZTekBVDd{PX4BDKYq?KsS^+A+R4uwy&nB)Cs=5p9`XSo{JFQEWGtNFhj
z^V=OS%vU811+}+mds9VH_eRp%=XY+=mN!X3beA>A5^1KoHU;BR9>(!X7V;UpQR0Nn
W@x)I9QR!%`HdE#z=?{ug)$uzzLZ2Z3
literal 0
HcmV?d00001
@@ -21,6 +21,29 @@ check that blob_parse is producing expected results:
}
---
+ $ valgrind --quiet --leak-check=full test-blob-parse $TEST_INPUTS/signature.ucert
+ === CHAIN ELEMENT 01 ===
+ signature:
+ ---
+ untrusted comment: signed by key ca85add129e64bab
+ RWTKha3RKeZLq0Sb8kCH9p/3BcFFud8rJnZiRICyRNhjbbpeZSwO2VhkwGaMd7ujW2/YSvT3O67pB0QguV6czgpP5kLX4AKBaQ4=
+ ---
+ payload:
+ ---
+ "ucert": {
+ \t"certtype": 1, (esc)
+ \t"validfrom": 1588532405, (esc)
+ \t"expiresat": 1620068405, (esc)
+ \t"pubkey": "untrusted comment: Local build key\\nRWTKha3RKeZLq1EaPsqvnXu+FqLMHZIS7nvDgwjpRo69j+th6eihGvQo\\n" (esc)
+ }
+ ---
+ === CHAIN ELEMENT 02 ===
+ signature:
+ ---
+ untrusted comment: signed by key ca85add129e64bab
+ RWTKha3RKeZLq9VW9CIMyumCQ4J0iFPLQYXr/YvUhw0OTrwpSh2XpKaRZQNZCXfO8ooMOCvG2TPor2veDjskHP1R2RGPIHp57wA=
+ ---
+
$ valgrind --quiet --leak-check=full test-blob-parse $TEST_INPUTS/invalid.ucert
cannot parse cert invalid.ucert
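Review bot: The added signature.ucert case only exercises the accepting side of the relaxed length check; nothing here shows that a buffer shorter than the first blob's declared length is still rejected. Whether the existing invalid.ucert input covers that cannot be told from this hunk. A truncated copy of the concatenated input would pin the `attr_len < len` branch, for example `$ valgrind --quiet --leak-check=full test-blob-parse $TEST_INPUTS/<truncated-input>.ucert` (placeholder file name) expecting a `cannot parse cert` line. The same applies to the test-blob-parse-san hunk that follows.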
@@ -41,6 +64,29 @@ check that blob_parse is producing expected results:
}
---
+ $ test-blob-parse-san $TEST_INPUTS/signature.ucert
+ === CHAIN ELEMENT 01 ===
+ signature:
+ ---
+ untrusted comment: signed by key ca85add129e64bab
+ RWTKha3RKeZLq0Sb8kCH9p/3BcFFud8rJnZiRICyRNhjbbpeZSwO2VhkwGaMd7ujW2/YSvT3O67pB0QguV6czgpP5kLX4AKBaQ4=
+ ---
+ payload:
+ ---
+ "ucert": {
+ \t"certtype": 1, (esc)
+ \t"validfrom": 1588532405, (esc)
+ \t"expiresat": 1620068405, (esc)
+ \t"pubkey": "untrusted comment: Local build key\\nRWTKha3RKeZLq1EaPsqvnXu+FqLMHZIS7nvDgwjpRo69j+th6eihGvQo\\n" (esc)
+ }
+ ---
+ === CHAIN ELEMENT 02 ===
+ signature:
+ ---
+ untrusted comment: signed by key ca85add129e64bab
+ RWTKha3RKeZLq9VW9CIMyumCQ4J0iFPLQYXr/YvUhw0OTrwpSh2XpKaRZQNZCXfO8ooMOCvG2TPor2veDjskHP1R2RGPIHp57wA=
+ ---
+
$ test-blob-parse-san $TEST_INPUTS/invalid.ucert
cannot parse cert invalid.ucert
Some tools like ucert use concatenations of multiple blobs. Account for this case by allowing the underlying buffer length to be greater than the blob length. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> --- v2: added testcase v3: fixed typo in commit messages I forgot in v2. Ugh blob.c | 2 +- tests/cram/inputs/signature.ucert | Bin 0 -> 516 bytes tests/cram/test_blob_parse.t | 46 ++++++++++++++++++++++++++++++ 3 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 tests/cram/inputs/signature.ucert