blobmsg: fix heap buffer overflow in blobmsg_parse

Fixes following error found by the fuzzer:

 ==29774==ERROR: AddressSanitizer: heap-buffer-overflow
 READ of size 1 at 0x6020004f1c56 thread T0
     #0 strcmp sanitizer_common_interceptors.inc:442:3
     #1 blobmsg_parse blobmsg.c:168:8

Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit is contained in:
Petr Štetiar 2019-12-10 12:02:40 +01:00
parent 4dfd24ed88
commit f2b2ee441a

View file

@ -53,6 +53,9 @@ bool blobmsg_check_attr(const struct blob_attr *attr, bool name)
id = blob_id(attr); id = blob_id(attr);
len = blobmsg_data_len(attr); len = blobmsg_data_len(attr);
if (len > blob_raw_len(attr))
return false;
data = blobmsg_data(attr); data = blobmsg_data(attr);
if (id > BLOBMSG_TYPE_LAST) if (id > BLOBMSG_TYPE_LAST)