[OpenWrt-Devel] [PATCH 0/3] libubox: Enhance robustness of blobmsg parsing

Yousong Zhou yszhou4tech at gmail.com
Thu Nov 22 23:10:58 EST 2018


On Thu, 22 Nov 2018 at 10:00, Tobias Schramm <tobleminer at gmail.com> wrote:
>
> Hi,
>
> this patch set makes parsing of blobmsg messages more robust against
> malformed data.
>
> Previously blobmsg_parse would crash due to out of bounds reads when
> provided with malformed blobs containing invalid blob length specifications.
> I've introduced a _safe variant of all blobmsg_check_* methods that takes
> an additional length argument that allows it to verify that all performed
> reads will be inside the buffer containing the struct attr* to be checked.
>
> Since we do already get the actual buffer length for free in a few places
> (namely blobmsg_parse, blobmsg_parse_array) I've adjusted those methods to
> use the _safe attribute checking variants.
>
> I've not changed the semantics of the old, unsafe blobmsg_check_* functions
> to include a compiler-level deprecation warning to ensure it does not break
> builds of existing packages depending on libubox compiled with -Werror.
>
> Best Regards,
>
> Tobias Schramm

We need to add doc comment for blobmsg_check_attr* functions, making
it clear that length check of the *attr pointer is assumed to be
already done by the caller.

                yousong

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list