blobmsg: fix heap buffer overflow in blobmsg_parse
Fixes following error found by the fuzzer: ==29774==ERROR: AddressSanitizer: heap-buffer-overflow READ of size 1 at 0x6020004f1c56 thread T0 #0 strcmp sanitizer_common_interceptors.inc:442:3 #1 blobmsg_parse blobmsg.c:168:8 Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit is contained in:
parent
4dfd24ed88
commit
f2b2ee441a
1 changed files with 3 additions and 0 deletions
|
@ -53,6 +53,9 @@ bool blobmsg_check_attr(const struct blob_attr *attr, bool name)
|
||||||
|
|
||||||
id = blob_id(attr);
|
id = blob_id(attr);
|
||||||
len = blobmsg_data_len(attr);
|
len = blobmsg_data_len(attr);
|
||||||
|
if (len > blob_raw_len(attr))
|
||||||
|
return false;
|
||||||
|
|
||||||
data = blobmsg_data(attr);
|
data = blobmsg_data(attr);
|
||||||
|
|
||||||
if (id > BLOBMSG_TYPE_LAST)
|
if (id > BLOBMSG_TYPE_LAST)
|
||||||
|
|
Loading…
Reference in a new issue