return blob_id(attr);
}
+static uint16_t blobmsg_namelen(const struct blobmsg_hdr *hdr)
+{
+ return be16_to_cpu(hdr->namelen);
+}
+
static inline void *blobmsg_data(const struct blob_attr *attr)
{
- struct blobmsg_hdr *hdr = (struct blobmsg_hdr *) blob_data(attr);
- char *data = (char *) blob_data(attr);
+ struct blobmsg_hdr *hdr;
+ char *data;
+
+ if (!attr)
+ return NULL;
+
+ hdr = (struct blobmsg_hdr *) blob_data(attr);
+ data = (char *) blob_data(attr);
if (blob_is_extended(attr))
- data += blobmsg_hdrlen(be16_to_cpu(hdr->namelen));
+ data += blobmsg_hdrlen(blobmsg_namelen(hdr));
return data;
}
-static inline int blobmsg_data_len(const struct blob_attr *attr)
+static inline size_t blobmsg_data_len(const struct blob_attr *attr)
{
uint8_t *start, *end;
+ if (!attr)
+ return 0;
+
start = (uint8_t *) blob_data(attr);
end = (uint8_t *) blobmsg_data(attr);
return blob_len(attr) - (end - start);
}
-static inline int blobmsg_len(const struct blob_attr *attr)
+static inline size_t blobmsg_len(const struct blob_attr *attr)
{
return blobmsg_data_len(attr);
}
+/*
+ * blobmsg_check_attr: validate a list of attributes
+ *
+ * This method may be used with trusted data only. Providing
+ * malformed blobs will cause out of bounds memory access.
+ */
bool blobmsg_check_attr(const struct blob_attr *attr, bool name);
+
+/*
+ * blobmsg_check_attr_len: validate a list of attributes
+ *
+ * This method should be safer implementation of blobmsg_check_attr.
+ * It will limit all memory access performed on the blob to the
+ * range [attr, attr + len] (upper bound non inclusive) and is
+ * thus suited for checking of untrusted blob attributes.
+ */
+bool blobmsg_check_attr_len(const struct blob_attr *attr, bool name, size_t len);
+
+/*
+ * blobmsg_check_attr_list: validate a list of attributes
+ *
+ * This method may be used with trusted data only. Providing
+ * malformed blobs will cause out of bounds memory access.
+ */
bool blobmsg_check_attr_list(const struct blob_attr *attr, int type);
+/*
+ * blobmsg_check_attr_list_len: validate a list of untrusted attributes
+ *
+ * This method should be safer implementation of blobmsg_check_attr_list.
+ * It will limit all memory access performed on the blob to the
+ * range [attr, attr + len] (upper bound non inclusive) and is
+ * thus suited for checking of untrusted blob attributes.
+ */
+bool blobmsg_check_attr_list_len(const struct blob_attr *attr, int type, size_t len);
+
/*
* blobmsg_check_array: validate array/table and return size
*
* Checks if all elements of an array or table are valid and have
* the specified type. Returns the number of elements in the array
+ *
+ * This method may be used with trusted data only. Providing
+ * malformed blobs will cause out of bounds memory access.
*/
int blobmsg_check_array(const struct blob_attr *attr, int type);
+/*
+ * blobmsg_check_array_len: validate untrusted array/table and return size
+ *
+ * Checks if all elements of an array or table are valid and have
+ * the specified type. Returns the number of elements in the array.
+ *
+ * This method should be safer implementation of blobmsg_check_array.
+ * It will limit all memory access performed on the blob to the
+ * range [attr, attr + len] (upper bound non inclusive) and is
+ * thus suited for checking of untrusted blob attributes.
+ */
+int blobmsg_check_array_len(const struct blob_attr *attr, int type, size_t len);
+
int blobmsg_parse(const struct blobmsg_policy *policy, int policy_len,
struct blob_attr **tb, void *data, unsigned int len);
int blobmsg_parse_array(const struct blobmsg_policy *policy, int policy_len,
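Review bot: With `blobmsg_data_len` now returning `size_t`, `blob_len(attr) - (end - start)` wraps to a very large value when the extended header is longer than the attribute payload; the old `int` return at least went negative. The header size comes from `hdr->namelen`, which `blobmsg_data` reads without any bound check. `blobmsg_for_each_attr` seeds `rem` from this value, so a guard before the subtraction would be safer, for example `if ((size_t)(end - start) > blob_len(attr)) return 0;`. On style, `blobmsg_namelen` is `static` without `inline`, unlike its neighbours, which can trigger unused-function warnings if this file is a header. On documentation, the comments on `blobmsg_check_attr` and `blobmsg_check_attr_len` say "validate a list of attributes" although both appear to check a single attribute, and the half-open range reads more clearly as `[attr, attr + len)`.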
#define blobmsg_for_each_attr(pos, attr, rem) \
for (rem = attr ? blobmsg_data_len(attr) : 0, \
pos = (struct blob_attr *) (attr ? blobmsg_data(attr) : NULL); \
- rem > 0 && (blob_pad_len(pos) <= rem) && \
+ rem >= sizeof(struct blob_attr) && (blob_pad_len(pos) <= rem) && \
+ (blob_pad_len(pos) >= sizeof(struct blob_attr)); \
+ rem -= blob_pad_len(pos), pos = blob_next(pos))
+
+#define __blobmsg_for_each_attr(pos, attr, rem) \
+ for (pos = (struct blob_attr *) (attr ? blobmsg_data(attr) : NULL); \
+ rem >= sizeof(struct blob_attr) && (blob_pad_len(pos) <= rem) && \
(blob_pad_len(pos) >= sizeof(struct blob_attr)); \
rem -= blob_pad_len(pos), pos = blob_next(pos))
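Review bot: `__blobmsg_for_each_attr` never initialises `rem` but still sets `pos` to NULL when `attr` is NULL, so a caller passing a non-zero `rem` with a NULL `attr` evaluates `blob_pad_len(pos)` on a null pointer. The first macro avoids this only because it forces `rem` to 0 in that case. Starting the condition with `pos &&` (`pos && rem >= sizeof(struct blob_attr) && ...`) closes the gap, and a comment above the macro should say that the caller must set `rem` to the already-validated length before the loop. In both macros the new `rem >= sizeof(struct blob_attr)` test compares as `size_t`, so a caller that still declares `rem` signed would have a negative value converted to a large unsigned one, where the old `rem > 0` ended the loop; the callers are outside this hunk and worth checking. The double-underscore prefix is also in the identifier space C reserves for the implementation.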