return true;
}
-int
-blob_parse(struct blob_attr *attr, struct blob_attr **data, const struct blob_attr_info *info, int max)
+static int
+blob_parse_attr(struct blob_attr *attr, size_t attr_len, struct blob_attr **data, const struct blob_attr_info *info, int max)
{
- struct blob_attr *pos;
+ int id;
+ size_t len;
int found = 0;
- size_t rem;
-
- memset(data, 0, sizeof(struct blob_attr *) * max);
- blob_for_each_attr(pos, attr, rem) {
- int id = blob_id(pos);
- size_t len = blob_len(pos);
+ size_t data_len;
- if (id >= max)
- continue;
+ if (!attr || attr_len < sizeof(struct blob_attr))
+ return 0;
- if (info) {
- int type = info[id].type;
+ id = blob_id(attr);
+ if (id >= max)
+ return 0;
- if (type < BLOB_ATTR_LAST) {
- if (!blob_check_type(blob_data(pos), len, type))
- continue;
- }
+ len = blob_raw_len(attr);
+ if (len > attr_len || len < sizeof(struct blob_attr))
+ return 0;
- if (info[id].minlen && len < info[id].minlen)
- continue;
+ data_len = blob_len(attr);
+ if (data_len > len)
+ return 0;
- if (info[id].maxlen && len > info[id].maxlen)
- continue;
+ if (info) {
+ int type = info[id].type;
- if (info[id].validate && !info[id].validate(&info[id], pos))
- continue;
+ if (type < BLOB_ATTR_LAST) {
+ if (!blob_check_type(blob_data(attr), data_len, type))
+ return 0;
}
- if (!data[id])
- found++;
+ if (info[id].minlen && len < info[id].minlen)
+ return 0;
+
+ if (info[id].maxlen && len > info[id].maxlen)
+ return 0;
+
+ if (info[id].validate && !info[id].validate(&info[id], attr))
+ return 0;
+ }
+
+ if (!data[id])
+ found++;
+
+ data[id] = attr;
+ return found;
+}
+
+int
+blob_parse_untrusted(struct blob_attr *attr, size_t attr_len, struct blob_attr **data, const struct blob_attr_info *info, int max)
+{
+ struct blob_attr *pos;
+ size_t len = 0;
+ int found = 0;
+ size_t rem;
+
+ if (!attr || attr_len < sizeof(struct blob_attr))
+ return 0;
+
+ len = blob_raw_len(attr);
+ if (attr_len < len)
+ return 0;
- data[id] = pos;
+ memset(data, 0, sizeof(struct blob_attr *) * max);
+ blob_for_each_attr_len(pos, attr, len, rem) {
+ found += blob_parse_attr(pos, rem, data, info, max);
}
+
+ return found;
+}
+
+/* use only on trusted input, otherwise consider blob_parse_untrusted */
+int
+blob_parse(struct blob_attr *attr, struct blob_attr **data, const struct blob_attr_info *info, int max)
+{
+ struct blob_attr *pos;
+ int found = 0;
+ size_t rem;
+
+ memset(data, 0, sizeof(struct blob_attr *) * max);
+ blob_for_each_attr(pos, attr, rem) {
+ found += blob_parse_attr(pos, rem, data, info, max);
+ }
+
return found;
}