projects / oweals / ubus.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c605837) | patch
fix blob parsing vulnerability by using blob_parse_untrusted
authorPetr Štetiar <ynezz@true.cz>
Thu, 19 Dec 2019 10:25:56 +0000 (11:25 +0100)
committerPetr Štetiar <ynezz@true.cz>
Thu, 19 Dec 2019 18:53:25 +0000 (19:53 +0100)
commita1523d76b016ed46501f61e38ad38999d6c66f52
treee130a469b47ef17706403711da4923867ff322actree | snapshot
parentc60583743ccf105f5d70270b437d2f7636d21193commit | diff
fix blob parsing vulnerability by using blob_parse_untrusted

blob_parse expects blobs from trusted inputs, but it can be supplied
with possibly malicious blobs from untrusted inputs as well, which might
lead to undefined behaviour and/or crash of ubus daemon. In order to
prevent such conditions, switch to blob_parse_untrusted which should
hopefully handle such untrusted inputs appropriately.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
cli.c diff | blob | history
libubus-internal.h diff | blob | history
libubus-io.c diff | blob | history
libubus-obj.c diff | blob | history
libubus-req.c diff | blob | history
libubus.c diff | blob | history
tests/fuzz/test-fuzz.c diff | blob | history
ubusd.h diff | blob | history
ubusd_acl.c diff | blob | history
ubusd_proto.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.