author | Petr Štetiar <ynezz@true.cz> | 2019-12-19 11:25:56 +0100 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2019-12-19 19:53:25 +0100 |
commit | a1523d76b016ed46501f61e38ad38999d6c66f52 (patch) | |
tree | e130a469b47ef17706403711da4923867ff322ac /tests | |
parent | c60583743ccf105f5d70270b437d2f7636d21193 (diff) | |
download | ubus-a1523d76b016ed46501f61e38ad38999d6c66f52.tar.gz |
fix blob parsing vulnerability by using blob_parse_untrusted

blob_parse expects blobs from trusted inputs, but it can be supplied
with possibly malicious blobs from untrusted inputs as well, which might
lead to undefined behaviour and/or crash of ubus daemon. In order to
prevent such conditions, switch to blob_parse_untrusted which should
hopefully handle such untrusted inputs appropriately.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/fuzz/test-fuzz.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/fuzz/test-fuzz.c b/tests/fuzz/test-fuzz.c index 9922ff9..7a7a1eb 100644 --- a/tests/fuzz/test-fuzz.c +++ b/tests/fuzz/test-fuzz.c @@ -28,7 +28,7 @@ static void _ubus_parse_msg(const uint8_t *data, size_t size) if (blob_pad_len(attr) > UBUS_MAX_MSGLEN) return; - ubus_parse_msg(attr); + ubus_parse_msg(attr, size); } int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) |
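Review bot: The length passed in `ubus_parse_msg(attr, size)` is the fuzzer's raw input size, and nothing in the visible context ties it to the buffer that `attr` points into; the only check shown is `blob_pad_len(attr) > UBUS_MAX_MSGLEN`, which trusts the length field stored in the blob itself. If `attr` is taken from `data` at an offset or from a copy, `size` would overstate the bytes available and the untrusted parser would validate against the wrong bound, so confirm (or assert in the harness) that `attr` starts at `data` and that `size` covers at least the blob header before `blob_pad_len(attr)` is read. The new second parameter also deserves a comment at the `ubus_parse_msg` declaration stating that it is the number of bytes actually received, not the length claimed by the blob header.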