Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / a96cf8fd141cf94f59969db6f28a84763ff40653
commita96cf8fd141cf94f59969db6f28a84763ff40653[log] [tgz]
authorSimon Goldschmidt <simon.k.r.goldschmidt@gmail.com>Mon Jan 14 22:38:22 2019 +0100
committerTom Rini <trini@konsulko.com>Wed Jan 16 23:15:53 2019 -0500
tree10344e1016918d333cf38f540d3888b406235293
parentd7439628a80333a2f223cea9c189ed6b33898c85 [diff]
tftp: prevent overwriting reserved memory

This fixes CVE-2018-18439 ("insufficient boundary checks in network
image boot") by using lmb to check for a valid range to store
received blocks.

Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Acked-by: Joe Hershberger <joe.hershberger@ni.com>
[trini: Always build lib/lmb.o on LMB and lib/fdtdec.o on OF_LIBFDT]
Signed-off-by: Tom Rini <trini@konsulko.com>
2 files changed
tree: 10344e1016918d333cf38f540d3888b406235293
  1. .github/
  2. api/
  3. arch/
  4. board/
  5. cmd/
  6. common/
  7. configs/
  8. disk/
  9. doc/
  10. Documentation/
  11. drivers/
  12. dts/
  13. env/
  14. examples/
  15. fs/
  16. include/
  17. lib/
  18. Licenses/
  19. net/
  20. post/
  21. scripts/
  22. test/
  23. tools/
  24. .checkpatch.conf
  25. .gitignore
  26. .mailmap
  27. .travis.yml
  28. config.mk
  29. Kbuild
  30. Kconfig
  31. MAINTAINERS
  32. Makefile
  33. README