author | Petr Štetiar <ynezz@true.cz> | 2019-12-10 14:02:40 +0300 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2019-12-25 12:31:58 +0300 |
commit | f2b2ee441adb22bdcab7247589545eb27c941d78 (patch) | |
tree | fc945955ebe6d4d36d1b4fb4e5ec5a4d89c103fe /blobmsg.c | |
parent | 4dfd24ed88c4d721d2b26d478b9ada86395d0554 (diff) |
blobmsg: fix heap buffer overflow in blobmsg_parse
Fixes following error found by the fuzzer:
==29774==ERROR: AddressSanitizer: heap-buffer-overflow
READ of size 1 at 0x6020004f1c56 thread T0
#0 strcmp sanitizer_common_interceptors.inc:442:3
#1 blobmsg_parse blobmsg.c:168:8
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'blobmsg.c')
-rw-r--r-- | blobmsg.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -53,6 +53,9 @@ bool blobmsg_check_attr(const struct blob_attr *attr, bool name) id = blob_id(attr); len = blobmsg_data_len(attr); + if (len > blob_raw_len(attr)) + return false; + data = blobmsg_data(attr); if (id > BLOBMSG_TYPE_LAST) |
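Review bot: the added `if (len > blob_raw_len(attr))` test in blobmsg_check_attr bounds `len` only by a value read back through `attr` itself, because the function takes `attr` and `name` and no size for the buffer that holds the attribute. If the attribute's own length field is attacker-controlled, both sides of the comparison come from the same untrusted data, and the check shows only that the two fields agree with each other, not that `attr` fits in the memory the caller actually has. Consider passing the caller's remaining buffer length into the check and comparing against that. The check also runs after `len = blobmsg_data_len(attr)` has already read through `attr`, so a short comment stating what the caller must have validated before this point would help. Separately, the commit message reports the faulting read in `strcmp` inside blobmsg_parse, while the change is in blobmsg_check_attr; a sentence explaining how rejecting the attribute here prevents that read would make the fix easier to verify.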