diff options
| author | Matthias Schiffer <mschiffer@universe-factory.net> | 2020-05-16 22:22:10 +0200 |
|---|---|---|
| committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2020-05-24 16:54:37 +0200 |
| commit | 86818eaa976b0d396c1eabfdce307c33a48c0309 (patch) | |
| tree | 90d59295ea874cc214583ec757e7d21f12ee953e | |
| parent | 5e75160f48785464f9213c6bc8c72b9372c5318b (diff) | |
| download | libubox-86818eaa976b0d396c1eabfdce307c33a48c0309.tar.gz | |
blob: make blob_parse_untrusted more permissive
Some tools like ucert use concatenations of multiple blobs. Account for
this case by allowing the underlying buffer length to be greater than
the blob length.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
| -rw-r--r-- | blob.c | 2 | ||||
| -rw-r--r-- | tests/cram/inputs/signature.ucert | bin | 0 -> 516 bytes | |||
| -rw-r--r-- | tests/cram/test_blob_parse.t | 46 |
3 files changed, 47 insertions, 1 deletions
@@ -277,7 +277,7 @@ blob_parse_untrusted(struct blob_attr *attr, size_t attr_len, struct blob_attr * return 0; len = blob_raw_len(attr); - if (len != attr_len) + if (attr_len < len) return 0; memset(data, 0, sizeof(struct blob_attr *) * max); diff --git a/tests/cram/inputs/signature.ucert b/tests/cram/inputs/signature.ucert Binary files differnew file mode 100644 index 0000000..4a1da75 --- /dev/null +++ b/tests/cram/inputs/signature.ucert diff --git a/tests/cram/test_blob_parse.t b/tests/cram/test_blob_parse.t index b6cbbaa..5e8b5ff 100644 --- a/tests/cram/test_blob_parse.t +++ b/tests/cram/test_blob_parse.t @@ -21,6 +21,29 @@ check that blob_parse is producing expected results: } --- + $ valgrind --quiet --leak-check=full test-blob-parse $TEST_INPUTS/signature.ucert + === CHAIN ELEMENT 01 === + signature: + --- + untrusted comment: signed by key ca85add129e64bab + RWTKha3RKeZLq0Sb8kCH9p/3BcFFud8rJnZiRICyRNhjbbpeZSwO2VhkwGaMd7ujW2/YSvT3O67pB0QguV6czgpP5kLX4AKBaQ4= + --- + payload: + --- + "ucert": { + \t"certtype": 1, (esc) + \t"validfrom": 1588532405, (esc) + \t"expiresat": 1620068405, (esc) + \t"pubkey": "untrusted comment: Local build key\\nRWTKha3RKeZLq1EaPsqvnXu+FqLMHZIS7nvDgwjpRo69j+th6eihGvQo\\n" (esc) + } + --- + === CHAIN ELEMENT 02 === + signature: + --- + untrusted comment: signed by key ca85add129e64bab + RWTKha3RKeZLq9VW9CIMyumCQ4J0iFPLQYXr/YvUhw0OTrwpSh2XpKaRZQNZCXfO8ooMOCvG2TPor2veDjskHP1R2RGPIHp57wA= + --- + $ valgrind --quiet --leak-check=full test-blob-parse $TEST_INPUTS/invalid.ucert cannot parse cert invalid.ucert @@ -41,6 +64,29 @@ check that blob_parse is producing expected results: } --- + $ test-blob-parse-san $TEST_INPUTS/signature.ucert + === CHAIN ELEMENT 01 === + signature: + --- + untrusted comment: signed by key ca85add129e64bab + RWTKha3RKeZLq0Sb8kCH9p/3BcFFud8rJnZiRICyRNhjbbpeZSwO2VhkwGaMd7ujW2/YSvT3O67pB0QguV6czgpP5kLX4AKBaQ4= + --- + payload: + --- + "ucert": { + \t"certtype": 1, (esc) + \t"validfrom": 1588532405, (esc) + \t"expiresat": 1620068405, (esc) + \t"pubkey": "untrusted comment: Local build key\\nRWTKha3RKeZLq1EaPsqvnXu+FqLMHZIS7nvDgwjpRo69j+th6eihGvQo\\n" (esc) + } + --- + === CHAIN ELEMENT 02 === + signature: + --- + untrusted comment: signed by key ca85add129e64bab + RWTKha3RKeZLq9VW9CIMyumCQ4J0iFPLQYXr/YvUhw0OTrwpSh2XpKaRZQNZCXfO8ooMOCvG2TPor2veDjskHP1R2RGPIHp57wA= + --- + $ test-blob-parse-san $TEST_INPUTS/invalid.ucert cannot parse cert invalid.ucert |