[OpenWrt-Devel] [PATCH ucert 9/9] fix certificate blob parsing vulnerability by using blob_parse_untrusted

Petr Štetiar ynezz at true.cz
Thu Dec 19 17:04:21 EST 2019


blob_parse expects blobs from trusted inputs, but in this case it can be
supplied with possibly malicious certificates from untrusted inputs as
well, so in order to prevent such conditions, switch to
blob_parse_untrusted which should hopefully handle such inputs
appropriately.

Signed-off-by: Petr Štetiar <ynezz at true.cz>
---
 ucert.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ucert.c b/ucert.c
index 76960a200be0..d822199eb7f8 100644
--- a/ucert.c
+++ b/ucert.c
@@ -154,7 +154,7 @@ static int cert_load(const char *certfile, struct list_head *chain) {
 
 	bufpt = (struct blob_attr *)filebuf;
 	do {
-		pret = blob_parse(bufpt, certtb, cert_policy, CERT_ATTR_MAX);
+		pret = blob_parse_untrusted(bufpt, len, certtb, cert_policy, CERT_ATTR_MAX);
 		if (pret <= 0)
 			/* no attributes found */
 			break;

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list