fix certificate blob parsing vulnerability by using blob_parse_untrusted
author: Petr Štetiar <ynezz@true.cz>
Mon, 16 Dec 2019 13:58:50 +0000 (14:58 +0100)
committer: Petr Štetiar <ynezz@true.cz>
Mon, 16 Dec 2019 19:52:58 +0000 (20:52 +0100)
blob_parse expects blobs from trusted inputs, but in this case it can be
supplied with possibly malicious certificates from untrusted inputs as
well, so in order to prevent such conditions, switch to
blob_parse_untrusted which should hopefully handle such inputs
appropriately.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
ucert.c

diff --git a/ucert.c b/ucert.c
index 76960a200be077b7ba129af184c7b74c54f4cd4d..d822199eb7f8b8db7a67845d3f2a4642d711020f 100644 (file)
--- a/ucert.c
+++ b/ucert.c
@@ -154,7 +154,7 @@ static int cert_load(const char *certfile, struct list_head *chain) {
 
        bufpt = (struct blob_attr *)filebuf;
        do {
-               pret = blob_parse(bufpt, certtb, cert_policy, CERT_ATTR_MAX);
+               pret = blob_parse_untrusted(bufpt, len, certtb, cert_policy, CERT_ATTR_MAX);
                if (pret <= 0)
                        /* no attributes found */
                        break;
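Review bot: the new call passes `len` unchanged on every iteration of the `do` loop, while `bufpt` is advanced through `filebuf` to reach the next certificate blob; unless `len` is reduced by the size of each blob consumed at the point where `bufpt` is advanced (not visible in this hunk), later iterations hand blob_parse_untrusted a bound that extends past the end of the buffer, which defeats the purpose of the bounds-checked variant. Suggest confirming that the loop tail does something like `len -= blob_raw_len(bufpt); bufpt = blob_next(bufpt);` before advancing, or computing the remaining length from `filebuf + total_len - bufpt` directly in the call, and adding a test with two concatenated blobs where the second is truncated.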