[OpenWrt-Devel] [PATCH 1/3] Ensure blob_attr length check does not perform out of bounds reads

Tobias Schramm tobleminer at gmail.com
Fri Nov 23 00:34:29 EST 2018


Hi,

thanks for the feedback. While blob_pad_len does cover the size of
struct blob_attr it will always read attr->id_len which might be out
of bounds already. Thus we need to check that rem >=  sizeof(struct
blob_attr) before.

Tobias

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list