projects
/
oweals
/
ucert.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
fix certificate blob parsing vulnerability by using blob_parse_untrusted
[oweals/ucert.git]
/
ucert.c
diff --git
a/ucert.c
b/ucert.c
index 76960a200be077b7ba129af184c7b74c54f4cd4d..d822199eb7f8b8db7a67845d3f2a4642d711020f 100644
(file)
--- a/
ucert.c
+++ b/
ucert.c
@@
-154,7
+154,7
@@
static int cert_load(const char *certfile, struct list_head *chain) {
bufpt = (struct blob_attr *)filebuf;
do {
- pret = blob_parse
(bufpt
, certtb, cert_policy, CERT_ATTR_MAX);
+ pret = blob_parse
_untrusted(bufpt, len
, certtb, cert_policy, CERT_ATTR_MAX);
if (pret <= 0)
/* no attributes found */
break;