On Wed, Aug 21, 2019 at 8:32 PM Cheng Liu <liuchen...@huawei.com> wrote: > > CVE: net: fix unbounded memcpy of UDP packet > > This patch adds a check to udp_len to fix unbounded memcpy for > CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199. > > Signed-off-by: Cheng Liu <liuchen...@huawei.com>
Reviewed-by: Simon Goldschmidt <simon.k.r.goldschm...@gmail.com> Although being annoyed by the lack of response from Fermin nearly a month ago, would it make sense to add: Reported-by: FermÃn Serna <fer...@semmle.com> Regards, Simon > --- > net/net.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/net/net.c b/net/net.c > index 40511db..68f9693 100644 > --- a/net/net.c > +++ b/net/net.c > @@ -1253,6 +1253,9 @@ void net_process_received_packet(uchar *in_packet, int > len) > return; > } > > + if (ntohs(ip->udp_len) < UDP_HDR_SIZE || ntohs(ip->udp_len) > > ntohs(ip->ip_len)) > + return; > + > debug_cond(DEBUG_DEV_PKT, > "received UDP (to=%pI4, from=%pI4, len=%d)\n", > &dst_ip, &src_ip, len); > -- > 1.8.5.6 > > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > https://lists.denx.de/listinfo/u-boot _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
