18 Oct
2022
18 Oct
'22
6:41 p.m.
I found this problem while porting a security patch to my uboot. I've created a PoC exploit which can hang uboot during ping command (even with commit b85d130ea0cac152c21ec38ac9417b31d41b5552). In my case changing:
if (ip->ip_len < IP_MIN_FRAG_DATAGRAM_SIZE)
to:
if (ntohs(ip->ip_len) < IP_MIN_FRAG_DATAGRAM_SIZE)
solved the problem. But now I can see it's a bigger issue.
Tomorrow I will check these patches with my exploit.