From: Daniel Golle <daniel@makrotopia.org>
Date: Thu, 7 Jun 2018 23:15:26 +0000 (+0200)
Subject: fix memory corruption caused by use-after-free
X-Git-Url: https://git.librecmc.org/?p=oweals%2Fucert.git;a=commitdiff_plain;h=58269c35ef0feac86a4cf222a476fa0839aaf335

fix memory corruption caused by use-after-free

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)
---

diff --git a/ucert.c b/ucert.c
index 7e419d4..49d39e9 100644
--- a/ucert.c
+++ b/ucert.c
@@ -156,8 +156,15 @@ static int cert_load(const char *certfile, struct list_head *chain) {
 		else
 			pos += blob_pad_len(bufpt);
 
+		if (!certtb[CERT_ATTR_SIGNATURE])
+			/* no signature -> drop */
+			break;
+
 		cobj = calloc(1, sizeof(*cobj));
-		memcpy(cobj->cert, &certtb, sizeof(certtb));
+		cobj->cert[CERT_ATTR_SIGNATURE] = blob_memdup(certtb[CERT_ATTR_SIGNATURE]);
+		if (certtb[CERT_ATTR_PAYLOAD])
+			cobj->cert[CERT_ATTR_PAYLOAD] = blob_memdup(certtb[CERT_ATTR_PAYLOAD]);
+
 		list_add_tail(&cobj->list, chain);
 		ret += pret;
 		bufpt = blob_next(bufpt);