diff options
author | Petr Štetiar <ynezz@true.cz> | 2019-12-09 16:11:45 +0300 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2019-12-25 12:31:58 +0300 |
commit | 0b24e24b93e1f00e7c0907fbe600dd2978bbd388 (patch) | |
tree | eed8d48303df08cfdf2eae9e68291981004d7f9d /blob.c | |
parent | 6d27336e4a8b6e7ab7628509101beb16fcc08bba (diff) |
blob: introduce blob_parse_untrusted
blob_parse can be only used on trusted input as it has no possibility to
check the length of the provided input buffer, which might lead to
undefined behaviour and/or crashes when supplied with malformed,
corrupted or otherwise specially crafted input.
So this introduces blob_parse_untrusted variant which expects additional
input buffer length argument and thus should be able to process also
inputs from untrusted sources.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'blob.c')
-rw-r--r-- | blob.c | 24 |
1 files changed, 24 insertions, 0 deletions
@@ -253,6 +253,30 @@ blob_parse_attr(struct blob_attr *attr, struct blob_attr **data, const struct bl } int +blob_parse_untrusted(struct blob_attr *attr, size_t attr_len, struct blob_attr **data, const struct blob_attr_info *info, int max) +{ + struct blob_attr *pos; + size_t len = 0; + int found = 0; + size_t rem; + + if (!attr || attr_len < sizeof(struct blob_attr)) + return 0; + + len = blob_raw_len(attr); + if (len != attr_len) + return 0; + + memset(data, 0, sizeof(struct blob_attr *) * max); + blob_for_each_attr_len(pos, attr, len, rem) { + found += blob_parse_attr(pos, rem, data, info, max); + } + + return found; +} + +/* use only on trusted input, otherwise consider blob_parse_untrusted */ +int blob_parse(struct blob_attr *attr, struct blob_attr **data, const struct blob_attr_info *info, int max) { struct blob_attr *pos; |