[OpenWrt-Devel] [PATCH 1/3] Ensure blob_attr length check does not perform out of bounds reads

Tobias Schramm tobleminer at gmail.com
Fri Nov 23 00:34:29 EST 2018


thanks for the feedback. While blob_pad_len does cover the size of
struct blob_attr it will always read attr->id_len which might be out
of bounds already. Thus we need to check that rem >=  sizeof(struct
blob_attr) before.


openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list