From 458c3937bca9db8402e898227bdac07d36959fee Mon Sep 17 00:00:00 2001
From: Felix Fietkau
Date: Wed, 16 Oct 2013 01:22:02 +0200
Subject: [PATCH] blob: add a magic offset to nesting cookies to ensure that NULL is never returned as a normal value
Signed-off-by: Felix Fietkau
---
 blob.c | 6 +++---
 blob.h | 2 ++
 blobmsg.c | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/blob.c b/blob.c
index 6d66fcd..faa3bb8 100644
--- a/blob.c
+++ b/blob.c
@@ -40,14 +40,14 @@ blob_init(struct blob_attr *attr, int id, unsigned int len)
 static inline struct blob_attr *
 offset_to_attr(struct blob_buf *buf, int offset)
 {
- void *ptr = (char *)buf->buf + offset;
+ void *ptr = (char *)buf->buf + offset - BLOB_COOKIE;
 return ptr;
 }
 static inline int
 attr_to_offset(struct blob_buf *buf, struct blob_attr *attr)
 {
- return (char *)attr - (char *) buf->buf;
+ return (char *)attr - (char *) buf->buf + BLOB_COOKIE;
 }
 void
@@ -65,7 +65,7 @@ static struct blob_attr *
 blob_add(struct blob_buf *buf, struct blob_attr *pos, int id, int payload)
 {
 int offset = attr_to_offset(buf, pos);
- int required = (offset + sizeof(struct blob_attr) + payload) - buf->buflen;
+ int required = (offset - BLOB_COOKIE + sizeof(struct blob_attr) + payload) - buf->buflen;
 struct blob_attr *attr;
 if (required > 0) {
diff --git a/blob.h b/blob.h
index 846de6e..fa430a8 100644
--- a/blob.h
+++ b/blob.h
@@ -28,6 +28,8 @@
 #include "utils.h"
+#define BLOB_COOKIE 0x01234567
+
 enum {
 BLOB_ATTR_UNSPEC,
 BLOB_ATTR_NESTED,
diff --git a/blobmsg.c b/blobmsg.c
index 62f83cc..3076620 100644
--- a/blobmsg.c
+++ b/blobmsg.c
@@ -195,7 +195,7 @@ blobmsg_new(struct blob_buf *buf, int type, const char *name, int payload_len, v
 static inline int
 attr_to_offset(struct blob_buf *buf, struct blob_attr *attr)
 {
- return (char *)attr - (char *) buf->buf;
+ return (char *)attr - (char *) buf->buf + BLOB_COOKIE;
 }
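Review bot: In blob.c, offset_to_attr() subtracts BLOB_COOKIE from whatever offset it receives without checking that the value carries the bias or lands inside the buffer, so a zero, stale or unbiased cookie now resolves to an address far below buf->buf. If these cookies are handed back by API callers, as the commit subject suggests, a guard such as `if (offset < BLOB_COOKIE || offset - BLOB_COOKIE > buf->buflen) return NULL;` before the pointer arithmetic would turn that into a detectable failure; callers outside this hunk would then need to handle NULL. Separately, attr_to_offset() still returns int, so the biased value reaches the int limit about 19 MB sooner than before, and a short comment stating the assumed maximum buffer size would record that.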
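Review bot: In blob_add() the bias is removed by hand inside the `required` computation, which leaves `offset` holding the biased value while the arithmetic beside it expects a raw one; the same manual `- BLOB_COOKIE` appears in blobmsg_realloc_string_buffer() in blobmsg.c. Every such site has to remember the subtraction, and a missed one skews a buffer-growth check by 0x01234567 rather than failing visibly. Keeping raw buffer offsets and cookies apart would remove that risk, for example `int raw = (char *)pos - (char *)buf->buf;` here, with attr_to_offset() reserved for values handed out as cookies. The rest of blob_add() lies outside the hunk, so later uses of `offset` could not be checked.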
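Review bot: BLOB_COOKIE is added to blob.h without a comment, so a reader of the header cannot tell that it is a bias on nesting-cookie offsets rather than some other kind of magic number. A comment above the define would cover it: `/* Bias added to buffer offsets handed out as nesting cookies so that a valid cookie is never 0/NULL; subtract it before using the value as an offset. */`.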
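Review bot: blobmsg.c keeps its own static copy of attr_to_offset(), and this commit had to apply the same `+ BLOB_COOKIE` edit to both copies. If the two ever diverge, a cookie encoded by one copy could be decoded under the other's convention and end up off by the bias. Defining the helper once, for instance as a `static inline` in blob.h next to BLOB_COOKIE, would keep encoding and decoding in step.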
@@ -262,7 +262,7 @@ void *
 blobmsg_realloc_string_buffer(struct blob_buf *buf, int maxlen)
 {
 struct blob_attr *attr = blob_next(buf->head);
- int offset = attr_to_offset(buf, blob_next(buf->head)) + blob_pad_len(attr);
+ int offset = attr_to_offset(buf, blob_next(buf->head)) + blob_pad_len(attr) - BLOB_COOKIE;
 int required = maxlen - (buf->buflen - offset);
 if (required <= 0)
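Review bot: The changed line in blobmsg_realloc_string_buffer() calls `blob_next(buf->head)` a second time although `attr` on the line above already holds that result, which makes an already long expression harder to check. `int offset = attr_to_offset(buf, attr) + blob_pad_len(attr) - BLOB_COOKIE;` reads the same value once. The function body continues past the end of the hunk.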