projects
/
oweals
/
ucert.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fix memory corruption caused by use-after-free
[oweals/ucert.git]
/
ucert.c
diff --git
a/ucert.c
b/ucert.c
index 7e419d4d8b04700df3b6f06803706f5be3ba6185..49d39e9fa58c226aad93d1d48694609b86145b48 100644
(file)
--- a/
ucert.c
+++ b/
ucert.c
@@
-156,8
+156,15
@@
static int cert_load(const char *certfile, struct list_head *chain) {
else
pos += blob_pad_len(bufpt);
else
pos += blob_pad_len(bufpt);
+ if (!certtb[CERT_ATTR_SIGNATURE])
+ /* no signature -> drop */
+ break;
+
cobj = calloc(1, sizeof(*cobj));
cobj = calloc(1, sizeof(*cobj));
- memcpy(cobj->cert, &certtb, sizeof(certtb));
+ cobj->cert[CERT_ATTR_SIGNATURE] = blob_memdup(certtb[CERT_ATTR_SIGNATURE]);
+ if (certtb[CERT_ATTR_PAYLOAD])
+ cobj->cert[CERT_ATTR_PAYLOAD] = blob_memdup(certtb[CERT_ATTR_PAYLOAD]);
+
list_add_tail(&cobj->list, chain);
ret += pret;
bufpt = blob_next(bufpt);
list_add_tail(&cobj->list, chain);
ret += pret;
bufpt = blob_next(bufpt);