forked from open-power/secvarctl
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
guest/read: rewrite print_variables function to use libstb-secvar helper functions

Fixes open-power#63, and maybe open-power#61.

As reported in open-power#63, a fuzzed ESL file causes a segfault when reading. This occurs because the fuzzed ESL contains an internal size value that is far larger than that of the ESL file itself. Therefore, when we hand the data to OpenSSL to parse, we give the parsing function a very incorrect size value to expect, and therefore it overruns the buffer.

Rather than add in more size checks, the function has been rewritten to use the ESL/ESD iteration helper functions in libstb-secvar, which already have coverage testing.

Signed-off-by: Eric Richter <[email protected]>
1 parent adec995, commit a303f60
Showing 1 changed file with 48 additions and 56 deletions.
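The failure mode in the commit message, an ESL whose internal size field exceeds the bytes actually read from the file, is shown below as an added example; it is not code from secvarctl or libstb-secvar. The field offsets follow the UEFI `EFI_SIGNATURE_LIST` layout, and the names `esl_count_entries` and `make_sample_esl` are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ESL_HDR_SIZE 28u  /* 16-byte type GUID + three little-endian uint32 fields */
#define GUID_SIZE    16u  /* SignatureOwner GUID that starts every entry */

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: count the entries in every ESL in buf; returns -1 as
 * soon as a size field disagrees with the bytes actually left in the buffer. */
long esl_count_entries(const uint8_t *buf, size_t len)
{
    long count = 0;
    for (size_t off = 0; off < len; ) {
        size_t remaining = len - off;
        if (remaining < ESL_HDR_SIZE) return -1;          /* truncated header */
        uint32_t list_size = rd_le32(buf + off + 16);     /* SignatureListSize */
        uint32_t hdr_size  = rd_le32(buf + off + 20);     /* SignatureHeaderSize */
        uint32_t sig_size  = rd_le32(buf + off + 24);     /* SignatureSize */
        if (list_size < ESL_HDR_SIZE || list_size > remaining) return -1;
        size_t body = list_size - ESL_HDR_SIZE;
        if (hdr_size > body) return -1;
        body -= hdr_size;
        /* Strict by choice: every entry needs owner GUID plus data, no leftovers. */
        if (sig_size <= GUID_SIZE || body == 0 || body % sig_size != 0) return -1;
        /* Only now may (entry + GUID_SIZE, sig_size - GUID_SIZE) go to a DER parser. */
        count += (long)(body / sig_size);
        off += list_size;
    }
    return count;
}

/* Constructed sample: one ESL with one 20-byte entry (owner GUID + 4 data
 * bytes); claimed_size is stored as SignatureListSize. Returns the real length. */
size_t make_sample_esl(uint8_t out[48], uint32_t claimed_size)
{
    uint32_t f[3] = { claimed_size, 0, 20 };
    memset(out, 0xAA, 48);
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++)
            out[16 + 4 * i + b] = (uint8_t)(f[i] >> (8 * b));
    return 48;
}
```

Every size is compared against the bytes remaining in the file buffer before any pointer derived from it is passed on, so an oversized field is rejected before a parser sees a length.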