u-boot/net
Rasmus Villemoes 0686968639 net: deal with fragment-overlapping-two-holes case
With a suitable sequence of malicious packets, it's currently possible
to get a hole descriptor to contain arbitrary attacker-controlled
contents, and then with one more packet to use that as an arbitrary
write vector.

While one could possibly change the algorithm so we instead loop over
all holes, and in each hole put as much of the current fragment as
belongs there (taking care to carefully update the hole list as
appropriate), it's not worth the complexity: In real, non-malicious
scenarios, one never gets overlapping fragments, and certainly not
fragments that would be supersets of one another.

So instead opt for this simple protection: Simply don't allow the
eventual memcpy() to write beyond the last_byte of the current hole.

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
2022-11-28 13:06:39 -05:00
arp.c Convert CONFIG_NET_RETRY_COUNT to Kconfig 2022-03-18 12:48:17 -04:00
arp.h net: Don't overwrite waiting packets with asynchronous replies 2018-10-10 12:29:01 -05:00
bootp.c efi_loader: Let networking support depend on NETDEVICES 2022-11-06 10:50:04 +01:00
bootp.h net: Use packed structures for networking 2017-08-07 15:18:31 -05:00
cdp.c Remove #include <timestamp.h> from files which do not need it 2021-09-17 12:10:44 -04:00
cdp.h SPDX: Convert a few files that were missed before 2018-05-10 20:38:35 -04:00
dns.c net: move random_port() to dns 2020-06-12 13:17:23 -04:00
dns.h SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
dsa-uclass.c dm: core: Drop ofnode_is_available() 2022-09-29 16:11:31 -04:00
eth-uclass.c net: eth-uclass: Do not set device on error 2022-10-17 21:17:12 -06:00
eth_bootdev.c bootstd: ethernet: Add a bootdev driver 2022-04-25 10:00:04 -04:00
eth_common.c net: Move network rules to drivers/net 2021-09-04 12:51:47 -04:00
eth_internal.h doc: replace @return by Return: 2022-01-19 18:11:34 +01:00
eth_legacy.c net: uclass: Save generated ethernet MAC addresses to the environment 2022-01-11 10:33:42 +01:00
fastboot.c net: fastboot: make UDP port net: configurable 2022-01-15 18:54:21 +02:00
Kconfig net: bootp: Make root path (option 17) length configurable 2022-08-08 10:49:51 -04:00
link_local.c common: Drop log.h from common header 2020-05-18 21:19:18 -04:00
link_local.h net: Add link-local addressing support 2012-05-23 17:53:08 -05:00
Makefile bootstd: ethernet: Add a bootdev driver 2022-04-25 10:00:04 -04:00
mdio-mux-uclass.c treewide: use dm_mdio_read/write/reset() wrappers 2022-04-10 08:44:12 +03:00
mdio-uclass.c net: mdio-uclass: add dm_phy_find_by_ofnode() helper 2022-05-04 07:05:51 +02:00
net.c net: deal with fragment-overlapping-two-holes case 2022-11-28 13:06:39 -05:00
net_rand.h net: Use NDRNG device in srand_mac() 2021-01-19 09:15:02 -05:00
nfs.c common: Drop display_options.h from common header 2022-08-10 13:46:55 -04:00
nfs.h net: nfs: remove superfluous packed attribute 2019-09-04 11:37:19 -05:00
pcap.c net: introduce packet capture support 2019-09-04 11:37:19 -05:00
ping.c net: Do not respond to ICMP_ECHO_REQUEST if we do not have an IP address 2021-01-19 09:15:02 -05:00
ping.h SPDX: Convert a few files that were missed before 2018-05-10 20:38:35 -04:00
rarp.c Convert CONFIG_NET_RETRY_COUNT to Kconfig 2022-03-18 12:48:17 -04:00
rarp.h SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
sntp.c net: sntp: remove CONFIG_TIMESTAMP constraint 2020-12-01 14:12:28 -05:00
tftp.c net: tftp: sanitize tftp block size, especially for TX 2022-11-28 13:06:39 -05:00
udp.c net: add a generic udp protocol 2020-09-30 16:55:03 -04:00
wol.c env: Drop environment.h header file where not needed 2019-08-11 16:43:41 -04:00
wol.h net: Add new wol command - Wake on LAN 2018-07-02 14:14:20 -05:00