
On 21.01.25 02:05, Tom Rini wrote:
On Sat, Jan 04, 2025 at 12:21:18AM +0100, Heinrich Schuchardt wrote:
Using strstr() instead of strnstr() creates a security concern.
Fixes: 1c41a7afaa15 ("net: lwip: build lwIP")
Signed-off-by: Heinrich Schuchardt heinrich.schuchardt@canonical.com
Reviewed-by: Jerome Forissier jerome.forissier@linaro.org
lib/lwip/u-boot/arch/cc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/lwip/u-boot/arch/cc.h b/lib/lwip/u-boot/arch/cc.h index de138846358..6104c296f6f 100644 --- a/lib/lwip/u-boot/arch/cc.h +++ b/lib/lwip/u-boot/arch/cc.h @@ -34,7 +34,7 @@ x, __LINE__, __FILE__); } while (0)
#define atoi(str) (int)dectoul(str, NULL) -#define lwip_strnstr(a, b, c) strstr(a, b) +#define lwip_strnstr(a, b, c) strnstr(a, b, c)
#define LWIP_ERR_T int #define LWIP_CONST_CAST(target_type, val) ((target_type)((uintptr_t)val))
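Review bot: The commit message calls the old `lwip_strnstr` definition "a security concern" without saying why; it should state that `#define lwip_strnstr(a, b, c) strstr(a, b)` discarded the length argument `c`, so the search in `a` was bounded only by a NUL terminator and not by the caller's limit. On the replacement line, `strnstr(a, b, c)` needs a declaration of `strnstr()` in scope wherever `cc.h` is included, and this hunk adds no include, so please confirm which header provides it for every configuration that builds lwIP.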
This leads to: https://dev.azure.com/u-boot/u-boot/_build/results?buildId=10370&view=lo... as a failure, that I only end up seeing in Azure (I didn't track down if there's some good reason we don't see this in Gitlab).
Hello Tom,
It is not really clear how
Lab failure: Timeout executing 'tftpboot 40400000 u-boot.bin
could be related to this patch series.
git grep -ni strstr net/
only shows usage in wget but not in tftp.
Is this test result reproducible in Azure?
Best regards
Heinrich