Fix length checks in cert_load()
authorMatthias Schiffer <mschiffer@universe-factory.net>
Sat, 16 May 2020 20:29:24 +0000 (22:29 +0200)
committerMatthias Schiffer <mschiffer@universe-factory.net>
Sat, 16 May 2020 20:43:55 +0000 (22:43 +0200)
commit96c42c5ed3207b8ad1ce836a4426c8700c13b655
treed9cc07cc277bc32d420639ec62cc18a4d10cbcc6
parentfe06b4b836b3afd5b27039914dea1c7fe20bd78d
Fix length checks in cert_load()

cert_load() iterates over multiple blobs, so the length argument to
blob_parse_untrusted() needs to be updated to prevent out-of-bounds
accesses.

Some other checks have become redundant and are removed, as
blob_parse_untrusted() already ensures that all attrs are contained in
the passed buffer.

Note that this issue currently does not pose a security threat, as an
over-restrictive check in blob_parse_untrusted() broke parsing of
buffers with multiple blobs completely.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
ucert.c