[PATCH 1/1] api: add missing cookie checks for network access
Tom Rini
trini at konsulko.com
Wed Apr 10 02:43:50 CEST 2024
On Tue, Apr 09, 2024 at 03:16:55PM +0200, Heinrich Schuchardt wrote:
> dev_write_net() and dev_read_net() should validate the provided cookie.
>
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
> api/api_net.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/api/api_net.c b/api/api_net.c
> index 7515c26e8b4..0b931a80787 100644
> --- a/api/api_net.c
> +++ b/api/api_net.c
> @@ -72,14 +72,16 @@ int dev_enum_net(struct device_info *di)
>
> int dev_write_net(void *cookie, void *buf, int len)
> {
> - /* XXX verify that cookie points to a valid net device??? */
> + if (!dev_valid_net(cookie))
> + return API_ENODEV;
>
> return eth_send(buf, len);
> }
>
> int dev_read_net(void *cookie, void *buf, int len)
> {
> - /* XXX verify that cookie points to a valid net device??? */
> + if (!dev_valid_net(cookie))
> + return API_ENODEV;
>
> return eth_receive(buf, len);
> }
Is this right? Probably. But what triggered looking in to this to start
with? I don't think anything is enabling the API support these days
even.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20240409/df999b15/attachment.sig>
More information about the U-Boot
mailing list