Vulnerability Disclosure in net/
Michael Nazzareno Trimarchi
michael at amarulasolutions.com
Thu May 26 14:20:39 CEST 2022
Hi Fabio
On Thu, May 26, 2022 at 2:13 PM Fabio Estevam <festevam at gmail.com> wrote:
>
> Hi Ramon,
>
> On Wed, May 25, 2022 at 11:46 PM Ramon Fried <rfried.dev at gmail.com> wrote:
>
> > Hi Nicolas,
> > Thanks for the research.
> > I have read your description thoroughly, very interesting.
> > I will implement fixes to the findings.
>
> Is it enough to add the check below?
>
> --- a/net/net.c
> +++ b/net/net.c
> @@ -906,6 +906,9 @@ static struct ip_udp_hdr *__net_defragment(struct
> ip_udp_hdr *ip, int *lenp)
> uchar *indata = (uchar *)ip;
> int offset8, start, len, done = 0;
> u16 ip_off = ntohs(ip->ip_off);
> +
> + if (ip->ip_len < 28)
> + return NULL;
>
Comment on it, or nobody will remember what 28 is tomorrow
Michael
> /* payload starts after IP header, this fragment is in there */
> payload = (struct hole *)(pkt_buff + IP_HDR_SIZE);
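Review bot: the added test reads `ip->ip_len` raw, while the context line directly above it converts the neighbouring field with `ntohs(ip->ip_off)`. `ip_len` is a field of the same IP header and is also in network byte order, so on a little-endian host `ip->ip_len < 28` does not compare the real datagram length, and a short packet can still pass. Suggest `if (ntohs(ip->ip_len) < ...)`. The bare 28 should also become a named constant or an expression built from `IP_HDR_SIZE` (already used in the context below), with a one-line comment stating what the bytes beyond the IP header account for, which is what the reply above asks for.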
--
Michael Nazzareno Trimarchi
Co-Founder & Chief Executive Officer
M. +39 347 913 2170
michael at amarulasolutions.com
__________________________________
Amarula Solutions BV
Joop Geesinkweg 125, 1114 AB, Amsterdam, NL
T. +31 (0)85 111 9172
info at amarulasolutions.com
www.amarulasolutions.com