[OpenWrt-Devel] [PATCH 1/3] Ensure blob_attr length check does not perform out of bounds reads
Tobias Schramm
tobleminer at gmail.com
Fri Nov 23 00:34:29 EST 2018
Hi,
thanks for the feedback. While blob_pad_len does cover the size of
struct blob_attr it will always read attr->id_len which might be out
of bounds already. Thus we need to check that rem >= sizeof(struct
blob_attr) before.
Tobias
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
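The ordering problem described in the message above, as an added example that is not part of the original post, the patch, or libubox: a loop guard of "rem > 0" still reaches the length read with fewer than a header's worth of bytes left, while "rem >= sizeof(struct blob_attr)" does not. The 4-byte big-endian header layout and every name here (`HDR_LEN`, `pad_len`, `walk`, `sample`) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, hypothetical names: 4-byte big-endian header whose low
 * 24 bits hold the attribute's total length (header + payload). */
#define HDR_LEN  4u
#define LEN_MASK 0x00ffffffu

/* attrs: attributes accepted; oob_hdr_reads: header reads past the buffer end */
struct walk_result { int attrs; int oob_hdr_reads; };
/* Padded length taken from the header; reads 4 bytes at p unconditionally. */
static size_t pad_len(const uint8_t *p)
{
    uint32_t id_len = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                      ((uint32_t)p[2] << 8) | p[3];
    return ((size_t)(id_len & LEN_MASK) + 3u) & ~(size_t)3u;
}

/* Walk buf[0..rem). min_rem is the guard evaluated before pad_len():
 * 1 models "rem > 0", HDR_LEN models "rem >= sizeof(struct blob_attr)". */
static struct walk_result walk(const uint8_t *buf, size_t rem, size_t min_rem)
{
    struct walk_result r = {0, 0};
    while (rem >= min_rem) {
        if (rem < HDR_LEN) {   /* pad_len() would read out of bounds here; */
            r.oob_hdr_reads++; /* record it instead of performing the read */
            break;
        }
        size_t len = pad_len(buf);
        if (len > rem || len < HDR_LEN)
            break;             /* length field inconsistent with the buffer */
        r.attrs++;
        rem -= len;
        buf += len;
    }
    return r;
}

/* Constructed input: one 8-byte attribute followed by 2 stray bytes. */
static const uint8_t sample[] = { 0x01, 0, 0, 0x08, 'a', 'b', 'c', 'd', 0, 0 };

int main(void)
{
    printf("rem > 0: %d OOB header read(s); rem >= header: %d\n",
           walk(sample, sizeof(sample), 1).oob_hdr_reads,
           walk(sample, sizeof(sample), HDR_LEN).oob_hdr_reads);
    return 0;
}
```

Both guards accept the same well-formed attribute; they differ only on the trailing bytes that are too short to hold a header.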