[PATCH 3/3] net: use strnstr() for lwip_strnstr()
Heinrich Schuchardt
heinrich.schuchardt at canonical.com
Sat Jan 4 00:21:18 CET 2025
Using strstr() instead of strnstr() creates a security concern.
Fixes: 1c41a7afaa15 ("net: lwip: build lwIP")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
lib/lwip/u-boot/arch/cc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/lwip/u-boot/arch/cc.h b/lib/lwip/u-boot/arch/cc.h
index de138846358..6104c296f6f 100644
--- a/lib/lwip/u-boot/arch/cc.h
+++ b/lib/lwip/u-boot/arch/cc.h
@@ -34,7 +34,7 @@
x, __LINE__, __FILE__); } while (0)
#define atoi(str) (int)dectoul(str, NULL)
-#define lwip_strnstr(a, b, c) strstr(a, b)
+#define lwip_strnstr(a, b, c) strnstr(a, b, c)
#define LWIP_ERR_T int
#define LWIP_CONST_CAST(target_type, val) ((target_type)((uintptr_t)val))
--
2.47.1
More information about the U-Boot
mailing list