U-Boot TFTP OACK option parser reads past unterminated values
Josh Law
josh2 at disroot.org
Thu May 28 18:17:10 CEST 2026
On May 28, 2026 4:47:45 PM GMT+01:00, Tom Rini <trini at konsulko.com> wrote:
>On Thu, May 28, 2026 at 03:46:51PM +0100, Josh Law wrote:
>> On May 27, 2026 7:55:58 PM GMT+01:00, "Lee, Brian J"
>> <hibrian827 at gatech.edu> wrote:
>> >Thank you for the acknowledgements! I apologize reproducing the PoC had
>> >difficulties due to poor quality. I will make sure to improve that.
>Thank
>> >you!
>> >
>> >Best regards,
>> >Brian
>>
>> Hey Brian, sorry for the unexpected email
>>
>>
>> After playing with my server slightly, I got your script running :)
>>
>> [run.sh] reusing existing
>>
>/home/josh/stuff/u-boot/INT-tftp-uboot-short-ack-oob/INT-tftp-uboot-short-ack-oob/poc/source
>> at
>> 215496fec59b3fa09256b4fb62f92af46e2ec7f9
>> ERROR: AddressSanitizer: heap-buffer-overflow
>>
>> I've CCed more people who can help you here.
>
>All,
>
>I'm sorry that if in the end it turns out I'm wrong here, but given all
>of the public evidence:
>https://lore.kernel.org/u-boot/c67720e2-bb73-43ab-9d75-851ef1f4afaf@kernel.org/
>https://lore.kernel.org/u-boot/ahXPidpyl-qRMOkH@google.com/
>https://lore.kernel.org/u-boot/64b5a656-d73d-4c72-95b1-3c843b18c2f1@digi.com/
>
>I do not believe Josh Law is a human but rather some LLM agent. Please
>disregard their feedback.
Tom, you and Brian are talking to a human.
I see the situation I'm in.
I understand the protection you want to provide, (and saving maintainers
times)
I understand the concern about
maintainer time and trust.
If identity verification is required I am willing to discuss a private
verification path with project
leadership or the conduct team. (e.g: video call)
I am not going to post personally identifying material publicly.
>
Thanks!
More information about the U-Boot
mailing list