Commit graph

27 commits

Author SHA1 Message Date
Zefir Kurtisi
b36a3a9009 blob: fix exceeding maximum buffer length
Currently there is no measure in place to prevent the blob buffer
to exceed its maximum allowed length of 16MB. Continuously
calling blob_add() will expand the buffer until it exceeds
BLOB_ATTR_LEN_MASK and after that will return valid blob_attr
pointer without increasing the buflen.

A test program was added in the previous commit, this one fixes
the issue by asserting that the new bufflen after grow does not
exceed BLOB_ATTR_LEN_MASK.

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@gmail.com>
2021-04-29 15:34:21 +02:00
Matthias Schiffer
86818eaa97
blob: make blob_parse_untrusted more permissive
Some tools like ucert use concatenations of multiple blobs. Account for
this case by allowing the underlying buffer length to be greater than
the blob length.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-24 16:54:37 +02:00
Petr Štetiar
478597b9f9 blob: fix OOB access in blob_check_type
Found by fuzzer:

 ERROR: AddressSanitizer: SEGV on unknown address 0x602100000455
 The signal is caused by a READ memory access.
     #0 in blob_check_type blob.c:214:43
     #1 in blob_parse_attr blob.c:234:9
     #2 in blob_parse_untrusted blob.c:272:12
     #3 in fuzz_blob_parse tests/fuzzer/test-blob-parse-fuzzer.c:34:2
     #4 in LLVMFuzzerTestOneInput tests/fuzzer/test-blob-parse-fuzzer.c:39:2

Caused by following line:

	if (type == BLOB_ATTR_STRING && data[len - 1] != 0)

where len was pointing outside of the data buffer.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-25 10:31:58 +01:00
Petr Štetiar
0b24e24b93 blob: introduce blob_parse_untrusted
blob_parse can be only used on trusted input as it has no possibility to
check the length of the provided input buffer, which might lead to
undefined behaviour and/or crashes when supplied with malformed,
corrupted or otherwise specially crafted input.

So this introduces blob_parse_untrusted variant which expects additional
input buffer length argument and thus should be able to process also
inputs from untrusted sources.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-25 10:31:58 +01:00
Petr Štetiar
6d27336e4a blob: refactor attr parsing into separate function
Making blob_parse easier to review.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-25 10:31:58 +01:00
Petr Štetiar
6228df9de9 iron out all extra compiler warnings
gcc-9 on x86/64 has reported following issues:

 base64.c:173:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:230:18: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:238:18: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:242:22: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:252:18: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:256:22: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:266:18: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:315:27: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 base64.c:329:15: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 blob.c:207:11: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 blob.c:210:11: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 blob.c:243:31: error: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Werror=sign-compare]
 blob.c:246:31: error: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Werror=sign-compare]
 blob.h:245:37: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 blob.h:253:37: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 blobmsg.h:269:37: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 blobmsg_json.c:155:10: error: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Werror=sign-compare]
 examples/../blob.h:245:37: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 examples/../blobmsg.h:269:37: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Werror=sign-compare]
 json_script.c:590:7: error: this statement may fall through [-Werror=implicit-fallthrough=]

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-20 14:34:01 +01:00
André Gaul
7f671b1e68 blobmsg: add support for double
This adds support for double floating point type to make it more JSON
compatible. For type checking it also adds a stub BLOB_ATTR_DOUBLE type.
If necessary, the accessor functions for blob can be added later

Signed-off-by: André Gaul <andre@gaul.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-01-04 21:36:31 +01:00
ewolfok
22bbcfddd7 blob: improve out-of-memory handling
Signed-off-by: Chen Bin <ewolfok@126.com>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-07-26 03:50:50 +02:00
Felix Fietkau
aa01be8ed0 blob: make length variables unsigned
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-04-27 16:29:31 +02:00
Felix Fietkau
ef918710c0 blob: fix handling of custom validator callback
https://dev.openwrt.org/ticket/15638

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-04-21 12:02:32 +02:00
Felix Fietkau
58aec3c59a blobmsg: allow data/length iterator/accessor functions to work on non-blobmsg elements
This primarily helps with simplifying the ubus APIs.
blobmsg header presence is indicated by the BLOB_ATTR_EXTENDED bit in
the id_len field.

This changes the format ABI, but not the API.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-03-12 20:18:12 +01:00
Felix Fietkau
458c3937bc blob: add a magic offset to nesting cookies to ensure that NULL is never returned as a normal value
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-10-16 01:22:02 +02:00
Felix Fietkau
be458596bd blob: add blob_put_raw() for copying one or more blob attributes into the buffer directly
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-10-04 16:55:45 +02:00
Felix Fietkau
b786f85267 blob: add blob_buf_grow()
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2013-02-10 20:43:33 +01:00
Felix Fietkau
5cfe2696f0 blob: add blob_memdup() 2012-06-01 20:54:20 +02:00
Felix Fietkau
a654d2f42b blob: switch to ISC license, switch blob_{get,put}_int* to _u*, add wrappers 2011-11-10 09:05:33 +01:00
Felix Fietkau
51711be625 fix more instances of uninitialized padding bytes 2011-10-06 17:57:13 +02:00
Felix Fietkau
309d7d456f fill padding bytes when setting raw attribute length 2011-10-06 17:14:44 +02:00
Felix Fietkau
f24324c27f explicitly zero extra buffer space added with realloc to silence valgrind warnings 2011-10-03 12:41:51 +02:00
Felix Fietkau
34a6d05f9a blob_attr_equal: un-inline, add pointer checks 2011-09-05 06:25:51 +02:00
Felix Fietkau
bdf717425a add blob_buf_free 2011-07-29 19:38:30 +02:00
Felix Fietkau
f01871bc30 fix off-by-one in the string validation check 2011-01-31 16:24:11 +01:00
Felix Fietkau
cad5bea36d blob: constify 2011-01-31 03:50:36 +01:00
Felix Fietkau
f2b9272e0b make blob attribute checking available externally 2011-01-31 03:46:37 +01:00
Felix Fietkau
ec593913f4 blob: validate strings on parse 2011-01-31 03:32:28 +01:00
Felix Fietkau
d110a016e3 constify blob_attr_info 2010-12-05 23:31:33 +01:00
Felix Fietkau
e82d74f898 Initial import 2010-10-13 21:29:08 +02:00