fix blob parsing vulnerability by using blob_parse_untrusted

[project/ubus.git] / ubusd_acl.c

diff --git a/ubusd_acl.c b/ubusd_acl.c
index f19df9a875c7671257d5c3d4a582edb5371f42a6..e426a4af95efaf1e610bf640013dd8b7978ec015 100644 (file)
--- a/ubusd_acl.c
+++ b/ubusd_acl.c
@@ -549,7 +549,7 @@ static int ubusd_reply_query(struct ubus_client *cl, struct ubus_msg_buf *ub, st
 static int ubusd_acl_recv(struct ubus_client *cl, struct ubus_msg_buf *ub, const char *method, struct blob_attr *msg)
 {
        if (!strcmp(method, "query"))
 static int ubusd_acl_recv(struct ubus_client *cl, struct ubus_msg_buf *ub, const char *method, struct blob_attr *msg)
 {
        if (!strcmp(method, "query"))

-               return ubusd_reply_query(cl, ub, ubus_parse_msg(ub->data), msg);
+               return ubusd_reply_query(cl, ub, ubus_parse_msg(ub->data, blob_raw_len(ub->data)), msg);

 
        return UBUS_STATUS_INVALID_COMMAND;
 }
 
        return UBUS_STATUS_INVALID_COMMAND;
 }