From: Petr Štetiar Date: Tue, 10 Dec 2019 11:02:40 +0000 (+0100) Subject: blobmsg: fix heap buffer overflow in blobmsg_parse X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=f2b2ee441adb22bdcab7247589545eb27c941d78;p=oweals%2Flibubox.git blobmsg: fix heap buffer overflow in blobmsg_parse Fixes following error found by the fuzzer: ==29774==ERROR: AddressSanitizer: heap-buffer-overflow READ of size 1 at 0x6020004f1c56 thread T0 #0 strcmp sanitizer_common_interceptors.inc:442:3 #1 blobmsg_parse blobmsg.c:168:8 Signed-off-by: Petr Štetiar --- diff --git a/blobmsg.c b/blobmsg.c index 1a8b783..71d4a36 100644 --- a/blobmsg.c +++ b/blobmsg.c @@ -53,6 +53,9 @@ bool blobmsg_check_attr(const struct blob_attr *attr, bool name) id = blob_id(attr); len = blobmsg_data_len(attr); + if (len > blob_raw_len(attr)) + return false; + data = blobmsg_data(attr); if (id > BLOBMSG_TYPE_LAST)
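Review bot: The new `if (len > blob_raw_len(attr)) return false;` in blobmsg_check_attr compares two values that are both computed from `attr` itself (`blobmsg_data_len(attr)` and `blob_raw_len(attr)`). It rejects an attribute whose header is internally inconsistent, but it cannot tell whether the attribute's claimed length fits inside the buffer the caller actually holds. The function only receives `attr` and `name`, so if callers can pass attributes taken from untrusted input, consider giving it the available length and checking against that as well. The commit message also reports the overflow as a `strcmp` read in blobmsg_parse (blobmsg.c:168), while the change is in blobmsg_check_attr. A sentence in the message, or a short comment above the check, explaining how this check covers that `strcmp` path would help. Adding the fuzzer input as a regression test would confirm it.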