diff options
author | Petr Štetiar <ynezz@true.cz> | 2019-12-09 16:11:45 +0300 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2019-12-25 12:31:58 +0300 |
commit | 0b24e24b93e1f00e7c0907fbe600dd2978bbd388 (patch) | |
tree | eed8d48303df08cfdf2eae9e68291981004d7f9d /blob.h | |
parent | 6d27336e4a8b6e7ab7628509101beb16fcc08bba (diff) |
blob: introduce blob_parse_untrusted
blob_parse can be only used on trusted input as it has no possibility to
check the length of the provided input buffer, which might lead to
undefined behaviour and/or crashes when supplied with malformed,
corrupted or otherwise specially crafted input.
So this introduces blob_parse_untrusted variant which expects additional
input buffer length argument and thus should be able to process also
inputs from untrusted sources.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'blob.h')
-rw-r--r-- | blob.h | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -199,6 +199,7 @@ extern void blob_nest_end(struct blob_buf *buf, void *cookie); extern struct blob_attr *blob_put(struct blob_buf *buf, int id, const void *ptr, unsigned int len); extern bool blob_check_type(const void *ptr, unsigned int len, int type); extern int blob_parse(struct blob_attr *attr, struct blob_attr **data, const struct blob_attr_info *info, int max); +extern int blob_parse_untrusted(struct blob_attr *attr, size_t attr_len, struct blob_attr **data, const struct blob_attr_info *info, int max); extern struct blob_attr *blob_memdup(struct blob_attr *attr); extern struct blob_attr *blob_put_raw(struct blob_buf *buf, const void *ptr, unsigned int len); @@ -254,5 +255,11 @@ blob_put_u64(struct blob_buf *buf, int id, uint64_t val) (blob_pad_len(pos) >= sizeof(struct blob_attr)); \ rem -= blob_pad_len(pos), pos = blob_next(pos)) +#define blob_for_each_attr_len(pos, attr, attr_len, rem) \ + for (rem = attr ? blob_len(attr) : 0, \ + pos = (struct blob_attr *) (attr ? blob_data(attr) : NULL); \ + rem >= sizeof(struct blob_attr) && rem < attr_len && (blob_pad_len(pos) <= rem) && \ + (blob_pad_len(pos) >= sizeof(struct blob_attr)); \ + rem -= blob_pad_len(pos), pos = blob_next(pos)) #endif |