diff mbox series

[OpenWrt-Devel,libubox] blob: make blob_parse_untrusted more permissive

Message ID c40509001d8fedcd1a1ad7ad694766cd8ac92111.1589662192.git.mschiffer@universe-factory.net
State Superseded
Delegated to: Matthias Schiffer
Headers show
Series ucert fixes and cleanup | expand

Commit Message

Matthias Schiffer May 16, 2020, 9:13 p.m. UTC 
Some tools like ucert use concatenations of multiple blobs. Account for
this case by allowing the underlying buffer length to be greater than
the blog length.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
---
 blob.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Petr Štetiar May 17, 2020, 8:13 a.m. UTC | #1 
Matthias Schiffer <mschiffer@universe-factory.net> [2020-05-16 23:13:50]:

Hi,

> Some tools like ucert use concatenations of multiple blobs. Account for
> this case by allowing the underlying buffer length to be greater than
> the blog length.

in order to prevent future regression, could you please add a test case for
this as well? Probably into tests/cram/test_blob_parse.t, thanks!

-- ynezz
diff mbox series

Patch

diff --git a/blob.c b/blob.c
index 528e717615d6..433becb904f5 100644
--- a/blob.c
+++ b/blob.c
@@ -277,7 +277,7 @@  blob_parse_untrusted(struct blob_attr *attr, size_t attr_len, struct blob_attr *
 		return 0;
 
 	len = blob_raw_len(attr);
-	if (len != attr_len)
+	if (attr_len < len)
 		return 0;
 
 	memset(data, 0, sizeof(struct blob_attr *) * max);