]> git.baikalelectronics.ru Git - uboot.git/commit
projects / uboot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9c05895) | patch
tftp: prevent overwriting reserved memory
authorSimon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Mon, 14 Jan 2019 21:38:22 +0000 (22:38 +0100)
committerTom Rini <trini@konsulko.com>
Thu, 17 Jan 2019 04:15:53 +0000 (23:15 -0500)
commit3930385e4074a2b929d200e1a90903876ea353e8
tree10344e1016918d333cf38f540d3888b406235293tree | snapshot
parent9c0589598d552542aa29ee593ecb2b04a0b6c03fcommit | diff
tftp: prevent overwriting reserved memory

This fixes CVE-2018-18439 ("insufficient boundary checks in network
image boot") by using lmb to check for a valid range to store
received blocks.

Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
[trini: Always build lib/lmb.o on LMB and lib/fdtdec.o on OF_LIBFDT]
Signed-off-by: Tom Rini <trini@konsulko.com>
lib/Makefile diff | blob | history
net/tftp.c diff | blob | history
"Das U-Boot" Source Tree.