On 1/26/20 4:14 PM, Hauke Mehrtens wrote: > This extends the blob_parse() function to check that no inner attribute > is bigger than the outside attribute. The blob_parse_untrusted() should > be used when we know the size of blob_attr *attr, in some other way. > > Signed-off-by: Hauke Mehrtens <[email protected]> > --- > blob.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/blob.c b/blob.c > index 528e717..0ed6c80 100644 > --- a/blob.c > +++ b/blob.c > @@ -295,9 +295,10 @@ blob_parse(struct blob_attr *attr, struct blob_attr > **data, const struct blob_at > struct blob_attr *pos; > int found = 0; > size_t rem; > + size_t len = blob_raw_len(attr); > > memset(data, 0, sizeof(struct blob_attr *) * max); > - blob_for_each_attr(pos, attr, rem) { > + blob_for_each_attr_len(pos, attr, len, rem) { > found += blob_parse_attr(pos, rem, data, info, max); > } > >
I checked the code again more closely and I think it is already doing
something similar in blob_for_each_attr_len(). rem is initialized with
blob_len(attr).
#define blob_for_each_attr_len(pos, attr, attr_len, rem) \
for (rem = attr ? blob_len(attr) : 0, \
pos = (struct blob_attr *) (attr ? blob_data(attr) : NULL); \
rem >= sizeof(struct blob_attr) && rem < attr_len &&
(blob_pad_len(pos) <= rem) && \
(blob_pad_len(pos) >= sizeof(struct blob_attr)); \
rem -= blob_pad_len(pos), pos = blob_next(pos))
Hauke
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
