True. I'll send a V2 with some documentation added. Am Fr., 23. Nov. 2018 um 05:11 Uhr schrieb Yousong Zhou <[email protected]>: > > On Thu, 22 Nov 2018 at 10:00, Tobias Schramm <[email protected]> wrote: > > > > Hi, > > > > this patch set makes parsing of blobmsg messages more robust against > > malformed data. > > > > Previously blobmsg_parse would crash due to out of bounds reads when > > provided with malformed blobs containing invalid blob length specifications. > > I've introduced a _safe variant of all blobmsg_check_* methods that takes > > an additional length argument that allows it to verify that all performed > > reads will be inside the buffer containing the struct attr* to be checked. > > > > Since we do already get the actual buffer length for free in a few places > > (namely blobmsg_parse, blobmsg_parse_array) I've adjusted those methods to > > use the _safe attribute checking variants. > > > > I've not changed the semantics of the old, unsafe blobmsg_check_* functions > > to include a compiler-level deprecation warning to ensure it does not break > > builds of existing packages depending on libubox compiled with -Werror. > > > > Best Regards, > > > > Tobias Schramm > > We need to add doc comment for blobmsg_check_attr* functions, making > it clear that length check of the *attr pointer is assumed to be > already done by the caller. > > yousong
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
