On 2020-05-25 10:31, Rafał Miłecki wrote: > From: Rafał Miłecki <ra...@milecki.pl> > > After more reviews is seems that blobmsg_for_each_attr() should not be > used when dealing with untrusted data as it reads length from blob data > itself. It means it can't be used in the blobmsg_check_array_len(). > > Switch back to using __blobmsg_for_each_attr() BUT pass correct length > to it. Calculate it by subtracting header length from blob length. This should not be necessary, because the length is validated in the blobmsg_check_attr_len call earlier in the same function. I think your previous fix is completely fine as-is.
- Felix _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
