[PATCH] net: bootp: Prevent buffer overflow to avoid leaking the RAM content
Fabio Estevam
festevam at gmail.com
Thu Oct 9 14:16:42 CEST 2025
Hi Philippe,
On Thu, Oct 9, 2025 at 6:27 AM Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> From: Paul HENRYS <paul.henrys_ext at softathome.com>
>
> CVE-2024-42040 describes a possible buffer overflow when calling
> bootp_process_vendor() in bootp_handler() since the total length
> of the packet is passed to bootp_process_vendor() without being
> reduced to len-(offsetof(struct bootp_hdr,bp_vend)+4).
>
> The packet length is also checked against its minimum size to avoid
> reading data from struct bootp_hdr outside of the packet length.
>
> From: Paul HENRYS <paul.henrys_ext at softathome.com>
You don't need to duplicate the From line here.
> Signed-off-by: Paul HENRYS <paul.henrys_ext at softathome.com>
You missed your Signed-off-by tag.
More information about the U-Boot
mailing list