[U-Boot] [PATCH 1/5] CVE: net: fix unbounded memcpy of UDP packet
Cheng Liu
liucheng32 at huawei.com
Wed Aug 21 14:48:02 UTC 2019
CVE: net: fix unbounded memcpy of UDP packet
This patch adds a check to udp_len to fix unbounded memcpy for
CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199.
Signed-off-by: Cheng Liu <liucheng32 at huawei.com>
---
net/net.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/net.c b/net/net.c
index 40511db..68f9693 100644
--- a/net/net.c
+++ b/net/net.c
@@ -1253,6 +1253,9 @@ void net_process_received_packet(uchar *in_packet, int len)
return;
}
+ if (ntohs(ip->udp_len) < UDP_HDR_SIZE || ntohs(ip->udp_len) > ntohs(ip->ip_len))
+ return;
+
debug_cond(DEBUG_DEV_PKT,
"received UDP (to=%pI4, from=%pI4, len=%d)\n",
&dst_ip, &src_ip, len);
--
1.8.5.6
More information about the U-Boot
mailing list