blob: fix exceeding maximum buffer length
Currently there is no measure in place to prevent the blob buffer to exceed its maximum allowed length of 16MB. Continuously calling blob_add() will expand the buffer until it exceeds BLOB_ATTR_LEN_MASK and after that will return valid blob_attr pointer without increasing the buflen. A test program was added in the previous commit, this one fixes the issue by asserting that the new bufflen after grow does not exceed BLOB_ATTR_LEN_MASK. Signed-off-by: Zefir Kurtisi <zefir.kurtisi@gmail.com>
This commit is contained in:
Zefir Kurtisi
Petr Štetiar
parent
a0dbcf8b8f
commit
b36a3a9009
1 changed files with 2 additions and 0 deletions
2
blob.c
2
blob.c
|
|
@ -58,6 +58,8 @@ blob_buf_grow(struct blob_buf *buf, int required)
|
||||||
{
|
{
|
||||||
int offset_head = attr_to_offset(buf, buf->head);
|
int offset_head = attr_to_offset(buf, buf->head);
|
||||||
|
|
||||||
|
if ((buf->buflen + required) > BLOB_ATTR_LEN_MASK)
|
||||||
|
return false;
|
||||||
if (!buf->grow || !buf->grow(buf, required))
|
if (!buf->grow || !buf->grow(buf, required))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue