On 1/4/25 00:21, Heinrich Schuchardt wrote:
Using strstr() instead of strnstr() creates a security concern.
Fixes: 1c41a7afaa15 ("net: lwip: build lwIP") Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
lib/lwip/u-boot/arch/cc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/lwip/u-boot/arch/cc.h b/lib/lwip/u-boot/arch/cc.h index de138846358..6104c296f6f 100644 --- a/lib/lwip/u-boot/arch/cc.h +++ b/lib/lwip/u-boot/arch/cc.h @@ -34,7 +34,7 @@ x, __LINE__, __FILE__); } while (0)
#define atoi(str) (int)dectoul(str, NULL) -#define lwip_strnstr(a, b, c) strstr(a, b) +#define lwip_strnstr(a, b, c) strnstr(a, b, c)
#define LWIP_ERR_T int #define LWIP_CONST_CAST(target_type, val) ((target_type)((uintptr_t)val))
Reviewed-by: Jerome Forissier jerome.forissier@linaro.org