[PATCH] net: bootp: Prevent buffer overflow to avoid leaking the RAM content
Philippe Reynes
philippe.reynes at softathome.com
Thu Oct 9 17:45:45 CEST 2025
Hi Fabio,
Le 09/10/2025 à 14:16, Fabio Estevam a écrit :
> This Mail comes from Outside of SoftAtHome: Do not answer, click links or open attachments unless you recognize the sender and know the content is safe.
>
> Hi Philippe,
>
> On Thu, Oct 9, 2025 at 6:27 AM Philippe Reynes
> <philippe.reynes at softathome.com> wrote:
>> From: Paul HENRYS <paul.henrys_ext at softathome.com>
>>
>> CVE-2024-42040 describes a possible buffer overflow when calling
>> bootp_process_vendor() in bootp_handler() since the total length
>> of the packet is passed to bootp_process_vendor() without being
>> reduced to len-(offsetof(struct bootp_hdr,bp_vend)+4).
>>
>> The packet length is also checked against its minimum size to avoid
>> reading data from struct bootp_hdr outside of the packet length.
>>
>> From: Paul HENRYS <paul.henrys_ext at softathome.com>
> You don't need to duplicate the From line here.
ok, I have removed it in the v2
>
>> Signed-off-by: Paul HENRYS <paul.henrys_ext at softathome.com>
> You missed your Signed-off-by tag.
ok, I have added it in the v2
Thanks for the feedback,
Regards,
Philippe
More information about the U-Boot
mailing list