From: Petr Štetiar Date: Mon, 16 Dec 2019 13:58:50 +0000 (+0100) Subject: fix certificate blob parsing vulnerability by using blob_parse_untrusted X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=14a279411cff06f9b1363711df4ec3b5db73f042;p=oweals%2Fucert.git fix certificate blob parsing vulnerability by using blob_parse_untrusted blob_parse expects blobs from trusted inputs, but in this case it can be supplied with possibly malicious certificates from untrusted inputs as well, so in order to prevent such conditions, switch to blob_parse_untrusted which should hopefully handle such inputs appropriately. Signed-off-by: Petr Štetiar --- diff --git a/ucert.c b/ucert.c index 76960a2..d822199 100644 --- a/ucert.c +++ b/ucert.c @@ -154,7 +154,7 @@ static int cert_load(const char *certfile, struct list_head *chain) { bufpt = (struct blob_attr *)filebuf; do { - pret = blob_parse(bufpt, certtb, cert_policy, CERT_ATTR_MAX); + pret = blob_parse_untrusted(bufpt, len, certtb, cert_policy, CERT_ATTR_MAX); if (pret <= 0) /* no attributes found */ break;