blob: make blob_parse_untrusted more permissive

Some tools like ucert use concatenations of multiple blobs. Account for
this case by allowing the underlying buffer length to be greater than
the blob length.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This commit is contained in:
Matthias Schiffer 2020-05-16 22:22:10 +02:00
parent 5e75160f48
commit 86818eaa97
No known key found for this signature in database
GPG key ID: 16EF3F64CB201D9C
3 changed files with 47 additions and 1 deletions

2
blob.c
View file

@ -277,7 +277,7 @@ blob_parse_untrusted(struct blob_attr *attr, size_t attr_len, struct blob_attr *
return 0; return 0;
len = blob_raw_len(attr); len = blob_raw_len(attr);
if (len != attr_len) if (attr_len < len)
return 0; return 0;
memset(data, 0, sizeof(struct blob_attr *) * max); memset(data, 0, sizeof(struct blob_attr *) * max);

Binary file not shown.

View file

@ -21,6 +21,29 @@ check that blob_parse is producing expected results:
} }
--- ---
$ valgrind --quiet --leak-check=full test-blob-parse $TEST_INPUTS/signature.ucert
=== CHAIN ELEMENT 01 ===
signature:
---
untrusted comment: signed by key ca85add129e64bab
RWTKha3RKeZLq0Sb8kCH9p/3BcFFud8rJnZiRICyRNhjbbpeZSwO2VhkwGaMd7ujW2/YSvT3O67pB0QguV6czgpP5kLX4AKBaQ4=
---
payload:
---
"ucert": {
\t"certtype": 1, (esc)
\t"validfrom": 1588532405, (esc)
\t"expiresat": 1620068405, (esc)
\t"pubkey": "untrusted comment: Local build key\\nRWTKha3RKeZLq1EaPsqvnXu+FqLMHZIS7nvDgwjpRo69j+th6eihGvQo\\n" (esc)
}
---
=== CHAIN ELEMENT 02 ===
signature:
---
untrusted comment: signed by key ca85add129e64bab
RWTKha3RKeZLq9VW9CIMyumCQ4J0iFPLQYXr/YvUhw0OTrwpSh2XpKaRZQNZCXfO8ooMOCvG2TPor2veDjskHP1R2RGPIHp57wA=
---
$ valgrind --quiet --leak-check=full test-blob-parse $TEST_INPUTS/invalid.ucert $ valgrind --quiet --leak-check=full test-blob-parse $TEST_INPUTS/invalid.ucert
cannot parse cert invalid.ucert cannot parse cert invalid.ucert
@ -41,6 +64,29 @@ check that blob_parse is producing expected results:
} }
--- ---
$ test-blob-parse-san $TEST_INPUTS/signature.ucert
=== CHAIN ELEMENT 01 ===
signature:
---
untrusted comment: signed by key ca85add129e64bab
RWTKha3RKeZLq0Sb8kCH9p/3BcFFud8rJnZiRICyRNhjbbpeZSwO2VhkwGaMd7ujW2/YSvT3O67pB0QguV6czgpP5kLX4AKBaQ4=
---
payload:
---
"ucert": {
\t"certtype": 1, (esc)
\t"validfrom": 1588532405, (esc)
\t"expiresat": 1620068405, (esc)
\t"pubkey": "untrusted comment: Local build key\\nRWTKha3RKeZLq1EaPsqvnXu+FqLMHZIS7nvDgwjpRo69j+th6eihGvQo\\n" (esc)
}
---
=== CHAIN ELEMENT 02 ===
signature:
---
untrusted comment: signed by key ca85add129e64bab
RWTKha3RKeZLq9VW9CIMyumCQ4J0iFPLQYXr/YvUhw0OTrwpSh2XpKaRZQNZCXfO8ooMOCvG2TPor2veDjskHP1R2RGPIHp57wA=
---
$ test-blob-parse-san $TEST_INPUTS/invalid.ucert $ test-blob-parse-san $TEST_INPUTS/invalid.ucert
cannot parse cert invalid.ucert cannot parse cert invalid.ucert