Hi Rasmus,
On Fri, Oct 14, 2022 at 2:44 PM Rasmus Villemoes rasmus.villemoes@prevas.dk wrote:
tl;dr: b85d130ea0ca didn't fix the CVE(s), but did break tftp of certain file sizes - which is somewhat lucky, since that's how I noticed in the first place.
What I at first hoped would be a one-liner trivial fix turned out to be much more complicated and led me down a rabbit hole of related fixes. And this isn't even complete, I'm afraid. Details in 3/6.
1 and 4 are independent of all the others. 5 is a trivial preparation for 6; otherwise those are also independent of the others. Finally, 2 and 3 are my attempts at actually fixing CVE-2022-{30790,30552}, with 2 essentially lifting the "ensure the payload has non-negative size" to the first place we can check that instead of relying on that check to happen in several places.
Thanks for the fix:
Reviewed-by: Fabio Estevam festevam@denx.de