blob_parse expects blobs from trusted inputs, but in this case it can be supplied with possibly malicious certificates from untrusted inputs as well, so in order to prevent such conditions, switch to blob_parse_untrusted which should hopefully handle such inputs appropriately.
Signed-off-by: Petr Štetiar <[email protected]> --- ucert.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ucert.c b/ucert.c index 76960a200be0..d822199eb7f8 100644 --- a/ucert.c +++ b/ucert.c @@ -154,7 +154,7 @@ static int cert_load(const char *certfile, struct list_head *chain) { bufpt = (struct blob_attr *)filebuf; do { - pret = blob_parse(bufpt, certtb, cert_policy, CERT_ATTR_MAX); + pret = blob_parse_untrusted(bufpt, len, certtb, cert_policy, CERT_ATTR_MAX); if (pret <= 0) /* no attributes found */ break; _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
