Hi,

this patch set makes parsing of blobmsg messages more robust against malformed data.
Previously blobmsg_parse would crash due to out of bounds reads when provided with malformed blobs containing invalid blob length specifications.

I've introduced a _safe variant of all blobmsg_check_* methods that takes an additional length argument that allows it to verify that all performed reads will be inside the buffer containing the struct attr* to be checked.

Since we do already get the actual buffer length for free in a few places (namely blobmsg_parse, blobmsg_parse_array) I've adjusted those methods to use the _safe attribute checking variants.

I've not changed the semantics of the old, unsafe blobmsg_check_* functions to include a compiler-level deprecation warning to ensure it does not break builds of existing packages depending on libubox compiled with -Werror.

Best Regards,

Tobias Schramm

Changelog:
 v2:
  - Add documentation to attribute checking methods in blobmsg.h
 v3:
  - Inline attribute checking methods
  - Fix orthography

Tobias Schramm (3):
  Ensure blob_attr length check does not perform out of bounds reads
  Replace use of blobmsg_check_attr by blobmsg_check_attr_safe
  Add _safe variants for all attribute checking methods

 blob.h    |  4 +--
 blobmsg.c | 36 ++++++++++++++++++++------
 blobmsg.h | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 102 insertions(+), 13 deletions(-)

-- 
2.19.2
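
The idea of a length-aware attribute check described in the message above, as an added example that is not part of the patch set or of libubox: the checker receives the number of bytes actually available and rejects any attribute whose header or claimed length would reach past them. The attribute layout, the names attr_check_safe and count_attrs_safe, and the sample buffers are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not libubox's definitions): 4-byte big-endian header whose
 * low 24 bits hold the total attribute length, header included; no padding. */
#define ATTR_HDR_LEN  4u
#define ATTR_LEN_MASK 0x00ffffffu

static uint32_t attr_claimed_len(const uint8_t *p)
{
    return (((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
            ((uint32_t)p[2] << 8) | (uint32_t)p[3]) & ATTR_LEN_MASK;
}

/* Length-aware check: avail is the number of bytes really present at p. */
static bool attr_check_safe(const uint8_t *p, size_t avail)
{
    if (avail < ATTR_HDR_LEN)   /* reading the header would already overrun */
        return false;
    uint32_t len = attr_claimed_len(p);
    return len >= ATTR_HDR_LEN && len <= avail;
}

/* Count attributes in buf; -1 as soon as one fails the bounded check. */
static int count_attrs_safe(const uint8_t *buf, size_t avail)
{
    int n = 0;
    for (; avail > 0; n++) {
        if (!attr_check_safe(buf, avail))
            return -1;
        uint32_t len = attr_claimed_len(buf);
        buf += len;
        avail -= len;
    }
    return n;
}

/* Constructed sample buffers. */
static const uint8_t GOOD[] = { 0,0,0,6,'h','i', 0,0,0,4 };
static const uint8_t BAD[]  = { 0,0,0,6,'h','i', 0,0,1,0, 'x' }; /* claims 256 */
static const uint8_t CUT[]  = { 0,0,0,4, 0,0 };            /* half a header */

int main(void)
{
    printf("good=%d bad=%d cut=%d\n", count_attrs_safe(GOOD, sizeof GOOD),
           count_attrs_safe(BAD, sizeof BAD), count_attrs_safe(CUT, sizeof CUT));
    return 0;
}
```

The lower bound on the claimed length matters as much as the upper one: a claimed length of zero would otherwise never advance the walk.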