blobmsg: fix heap buffer overflow in blobmsg_parse

Fixes following error found by the fuzzer: ==29774==ERROR: AddressSanitizer: heap-buffer-overflow READ of size 1 at 0x6020004f1c56 thread T0 #0 strcmp sanitizer_common_interceptors.inc:442:3 #1 blobmsg_parse blobmsg.c:168:8 Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-10 12:02:40 +01:00 · 2019-12-10 12:02:40 +01:00 · f2b2ee441a
commit f2b2ee441a
parent 4dfd24ed88
1 changed files with 3 additions and 0 deletions
--- a/blobmsg.c
+++ b/blobmsg.c
@ -53,6 +53,9 @@ bool blobmsg_check_attr(const struct blob_attr *attr, bool name)

 	id = blob_id(attr);
 	len = blobmsg_data_len(attr);
+	if (len > blob_raw_len(attr))
+		return false;
+
 	data = blobmsg_data(attr);

 	if (id > BLOBMSG_TYPE_LAST)