From a1523d76b016ed46501f61e38ad38999d6c66f52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C5=A0tetiar?=
Date: Thu, 19 Dec 2019 11:25:56 +0100
Subject: fix blob parsing vulnerability by using blob_parse_untrusted
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
blob_parse expects blobs from trusted inputs, but it can be supplied with possibly malicious blobs from untrusted inputs as well, which might lead to undefined behaviour and/or crash of ubus daemon. In order to prevent such conditions, switch to blob_parse_untrusted which should hopefully handle such untrusted inputs appropriately.
Signed-off-by: Petr Štetiar
---
 tests/fuzz/test-fuzz.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests')
diff --git a/tests/fuzz/test-fuzz.c b/tests/fuzz/test-fuzz.c
index 9922ff9..7a7a1eb 100644
--- a/tests/fuzz/test-fuzz.c
+++ b/tests/fuzz/test-fuzz.c
@@ -28,7 +28,7 @@ static void _ubus_parse_msg(const uint8_t *data, size_t size)
 if (blob_pad_len(attr) > UBUS_MAX_MSGLEN) return;
- ubus_parse_msg(attr);
+ ubus_parse_msg(attr, size);
 }
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
-- cgit v1.2.1
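Review bot: The length pre-check kept as context above the changed call, `blob_pad_len(attr) > UBUS_MAX_MSGLEN`, still reads the blob header before `size` is consulted, so the new `size` argument only protects what happens inside `ubus_parse_msg`. If `attr` is the fuzzer's `data` buffer (its assignment is above the hunk, so this is inferred), an input shorter than the header makes the harness itself read past the buffer, and a sanitizer report there would be a harness artefact rather than a ubus finding. A guard such as `if (size < sizeof(*attr)) return;` ahead of the pre-check would keep the harness in bounds. `_ubus_parse_msg` begins outside the hunk, so an equivalent guard may already exist there.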