blob: introduce blob_parse_untrusted

blob_parse can be only used on trusted input as it has no possibility to
check the length of the provided input buffer, which might lead to
undefined behaviour and/or crashes when supplied with malformed,
corrupted or otherwise specially crafted input.

So this introduces blob_parse_untrusted variant which expects additional
input buffer length argument and thus should be able to process also
inputs from untrusted sources.

Signed-off-by: Petr Štetiar <ynezz@true.cz>

1 files changed, 24 insertions, 0 deletions

diff --git a/blob.c b/blob.c
index ee93894..dc908d9 100644
--- a/blob.c
+++ b/blob.c
@@ -253,6 +253,30 @@ blob_parse_attr(struct blob_attr *attr, struct blob_attr **data, const struct bl
 }
 
 int
+blob_parse_untrusted(struct blob_attr *attr, size_t attr_len, struct blob_attr **data, const struct blob_attr_info *info, int max)
+{
+	struct blob_attr *pos;
+	size_t len = 0;
+	int found = 0;
+	size_t rem;
+
+	if (!attr || attr_len < sizeof(struct blob_attr))
+		return 0;
+
+	len = blob_raw_len(attr);
+	if (len != attr_len)
+		return 0;
+
+	memset(data, 0, sizeof(struct blob_attr *) * max);
+	blob_for_each_attr_len(pos, attr, len, rem) {
+		found += blob_parse_attr(pos, rem, data, info, max);
+	}
+
+	return found;
+}
+
+/* use only on trusted input, otherwise consider blob_parse_untrusted */
+int
 blob_parse(struct blob_attr *attr, struct blob_attr **data, const struct blob_attr_info *info, int max)
 {
 	struct blob_attr *pos;