DGNum/libubox
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

blob: introduce blob_parse_untrusted

Browse source 
blob_parse can be only used on trusted input as it has no possibility to
check the length of the provided input buffer, which might lead to
undefined behaviour and/or crashes when supplied with malformed,
corrupted or otherwise specially crafted input.

So this introduces blob_parse_untrusted variant which expects additional
input buffer length argument and thus should be able to process also
inputs from untrusted sources.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit is contained in:
Petr Štetiar 2019-12-09 14:11:45 +01:00
parent 6d27336e4a
commit 0b24e24b93
2 changed files with 31 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
blob.c
View file

@ -252,6 +252,30 @@ blob_parse_attr(struct blob_attr *attr, struct blob_attr **data, const struct bl
return found; return found;
} }
int
blob_parse_untrusted(struct blob_attr *attr, size_t attr_len, struct blob_attr **data, const struct blob_attr_info *info, int max)
{
struct blob_attr *pos;
size_t len = 0;
int found = 0;
size_t rem;
if (!attr || attr_len < sizeof(struct blob_attr))
return 0;
len = blob_raw_len(attr);
if (len != attr_len)
return 0;
memset(data, 0, sizeof(struct blob_attr *) * max);
blob_for_each_attr_len(pos, attr, len, rem) {
found += blob_parse_attr(pos, rem, data, info, max);
}
return found;
}
/* use only on trusted input, otherwise consider blob_parse_untrusted */
int int
blob_parse(struct blob_attr *attr, struct blob_attr **data, const struct blob_attr_info *info, int max) blob_parse(struct blob_attr *attr, struct blob_attr **data, const struct blob_attr_info *info, int max)
{ {

7
blob.h
View file

@ -199,6 +199,7 @@ extern void blob_nest_end(struct blob_buf *buf, void *cookie);
extern struct blob_attr *blob_put(struct blob_buf *buf, int id, const void *ptr, unsigned int len); extern struct blob_attr *blob_put(struct blob_buf *buf, int id, const void *ptr, unsigned int len);
extern bool blob_check_type(const void *ptr, unsigned int len, int type); extern bool blob_check_type(const void *ptr, unsigned int len, int type);
extern int blob_parse(struct blob_attr *attr, struct blob_attr **data, const struct blob_attr_info *info, int max); extern int blob_parse(struct blob_attr *attr, struct blob_attr **data, const struct blob_attr_info *info, int max);
extern int blob_parse_untrusted(struct blob_attr *attr, size_t attr_len, struct blob_attr **data, const struct blob_attr_info *info, int max);
extern struct blob_attr *blob_memdup(struct blob_attr *attr); extern struct blob_attr *blob_memdup(struct blob_attr *attr);
extern struct blob_attr *blob_put_raw(struct blob_buf *buf, const void *ptr, unsigned int len); extern struct blob_attr *blob_put_raw(struct blob_buf *buf, const void *ptr, unsigned int len);
@ -254,5 +255,11 @@ blob_put_u64(struct blob_buf *buf, int id, uint64_t val)
(blob_pad_len(pos) >= sizeof(struct blob_attr)); \ (blob_pad_len(pos) >= sizeof(struct blob_attr)); \
rem -= blob_pad_len(pos), pos = blob_next(pos)) rem -= blob_pad_len(pos), pos = blob_next(pos))
#define blob_for_each_attr_len(pos, attr, attr_len, rem) \
for (rem = attr ? blob_len(attr) : 0, \
pos = (struct blob_attr *) (attr ? blob_data(attr) : NULL); \
rem >= sizeof(struct blob_attr) && rem < attr_len && (blob_pad_len(pos) <= rem) && \
(blob_pad_len(pos) >= sizeof(struct blob_attr)); \
rem -= blob_pad_len(pos), pos = blob_next(pos))
#endif #endif