[OpenWrt-Devel] [PATCH ucert 9/9] fix certificate blob parsing vulnerability by using blob_parse_untrusted

Petr Štetiar ynezz at true.cz
Thu Dec 19 17:04:21 EST 2019

blob_parse expects blobs from trusted inputs, but in this case it can be
supplied with possibly malicious certificates from untrusted inputs as
well, so in order to prevent such conditions, switch to
blob_parse_untrusted which should hopefully handle such inputs

Signed-off-by: Petr Štetiar <ynezz at true.cz>
 ucert.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ucert.c b/ucert.c
index 76960a200be0..d822199eb7f8 100644
--- a/ucert.c
+++ b/ucert.c
@@ -154,7 +154,7 @@ static int cert_load(const char *certfile, struct list_head *chain) {
 	bufpt = (struct blob_attr *)filebuf;
 	do {
-		pret = blob_parse(bufpt, certtb, cert_policy, CERT_ATTR_MAX);
+		pret = blob_parse_untrusted(bufpt, len, certtb, cert_policy, CERT_ATTR_MAX);
 		if (pret <= 0)
 			/* no attributes found */

openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list