[PATCH] Fix CVE-2022-30767 (old CVE-2019-14196)
Andrea zi0Black Cappa
zi0Black at protonmail.com
Mon May 16 16:33:33 CEST 2022
Signed-off-by: Andrea zi0Black Cappa <zi0Black at protonmail.com>
---
net/nfs.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/nfs.c b/net/nfs.c
index 3c01cebd96..9152ab742e 100644
--- a/net/nfs.c
+++ b/net/nfs.c
@@ -52,7 +52,7 @@ static const ulong nfs_timeout = CONFIG_NFS_TIMEOUT;
static char dirfh[NFS_FHSIZE]; /* NFSv2 / NFSv3 file handle of directory */
static char filefh[NFS3_FHSIZE]; /* NFSv2 / NFSv3 file handle */
-static int filefh3_length; /* (variable) length of filefh when NFSv3 */
+static unsigned int filefh3_length; /* (variable) length of filefh when NFSv3 */
static enum net_loop_state nfs_download_state;
static struct in_addr nfs_server_ip;
@@ -573,8 +573,6 @@ static int nfs_lookup_reply(uchar *pkt, unsigned len)
filefh3_length = ntohl(rpc_pkt.u.reply.data[1]);
if (filefh3_length > NFS3_FHSIZE)
filefh3_length = NFS3_FHSIZE;
- if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + filefh3_length
) > len)
- return -NFS_RPC_DROP;
memcpy(filefh, rpc_pkt.u.reply.data + 2, filefh3_length);
}
--
2.36.0.windows.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 509 bytes
Desc: OpenPGP digital signature
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20220516/bf99730c/attachment.sig>
More information about the U-Boot
mailing list