projects
/
oweals
/
libubox.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
4dfd24e
)
blobmsg: fix heap buffer overflow in blobmsg_parse
author
Petr Štetiar
<ynezz@true.cz>
Tue, 10 Dec 2019 11:02:40 +0000
(12:02 +0100)
committer
Petr Štetiar
<ynezz@true.cz>
Wed, 25 Dec 2019 09:31:58 +0000
(10:31 +0100)
Fixes following error found by the fuzzer:
==29774==ERROR: AddressSanitizer: heap-buffer-overflow
READ of size 1 at 0x6020004f1c56 thread T0
#0 strcmp sanitizer_common_interceptors.inc:442:3
#1 blobmsg_parse blobmsg.c:168:8
Signed-off-by: Petr Štetiar <ynezz@true.cz>
blobmsg.c
patch
|
blob
|
history
diff --git
a/blobmsg.c
b/blobmsg.c
index 1a8b783e9ba92b35aff2b1a3ad6912a903b704e1..71d4a36a647cb7ac7bac01c6f79833fd3614d4a8 100644
(file)
--- a/
blobmsg.c
+++ b/
blobmsg.c
@@
-53,6
+53,9
@@
bool blobmsg_check_attr(const struct blob_attr *attr, bool name)
id = blob_id(attr);
len = blobmsg_data_len(attr);
+ if (len > blob_raw_len(attr))
+ return false;
+
data = blobmsg_data(attr);
if (id > BLOBMSG_TYPE_LAST)
projects / oweals / libubox.git / commitdiff