Página inicial Explorar Ajuda
Entrar
OWEALs
/
ucert
mirror de https://git.openwrt.org/project/ucert.git
2
0
Fork 0
Arquivos Issues 0 Wiki
Ver código fonte

fix certificate blob parsing vulnerability by using blob_parse_untrusted

blob_parse expects blobs from trusted inputs, but in this case it can be
supplied with possibly malicious certificates from untrusted inputs as
well, so in order to prevent such conditions, switch to
blob_parse_untrusted which should hopefully handle such inputs
appropriately.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar 4 anos atrás
pai
19a7225ac0
commit
14a279411c
1 arquivos alterados com 1 adições e 1 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 1 1
      ucert.c

+ 1 - 1
ucert.c
Ver arquivo 

@@ -154,7 +154,7 @@ static int cert_load(const char *certfile, struct list_head *chain) {
 
 
 	bufpt = (struct blob_attr *)filebuf;
 
 	do {
 
-		pret = blob_parse(bufpt, certtb, cert_policy, CERT_ATTR_MAX);
 
+		pret = blob_parse_untrusted(bufpt, len, certtb, cert_policy, CERT_ATTR_MAX);
 
 		if (pret <= 0)
 
 			/* no attributes found */
 
 			break;