* [PATCH 0/2] *** minor fixes in DHCP6 *** @ 2023-05-18 19:35 seanedmond 2023-05-18 19:35 ` [PATCH 1/2] net: ipv6: Fix CID 453851 and CID 436278 seanedmond 2023-05-18 19:35 ` [PATCH 2/2] net: dhcp6: Fix VCI string seanedmond 0 siblings, 2 replies; 7+ messages in thread From: seanedmond @ 2023-05-18 19:35 UTC (permalink / raw) To: u-boot; +Cc: trini, xypron.glpk, rfried.dev From: Sean Edmond <seanedmond@microsoft.com> Resolves 2 issues: - coverity CID 453851 and 436278 - Change DHCP6 VCI string from "U-boot" to "U-Boot" (this was found by more detailed testing on our end) Sean Edmond (2): net: ipv6: Fix CID 453851 and CID 436278 net: dhcp6: Fix VCI string cmd/net.c | 12 ++++++------ net/dhcpv6.c | 5 +++++ net/dhcpv6.h | 2 +- 3 files changed, 12 insertions(+), 7 deletions(-) -- 2.40.0 ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 1/2] net: ipv6: Fix CID 453851 and CID 436278 2023-05-18 19:35 [PATCH 0/2] *** minor fixes in DHCP6 *** seanedmond @ 2023-05-18 19:35 ` seanedmond 2023-06-10 10:44 ` Ramon Fried 2023-06-14 19:51 ` Tom Rini 2023-05-18 19:35 ` [PATCH 2/2] net: dhcp6: Fix VCI string seanedmond 1 sibling, 2 replies; 7+ messages in thread From: seanedmond @ 2023-05-18 19:35 UTC (permalink / raw) To: u-boot; +Cc: trini, xypron.glpk, rfried.dev From: Sean Edmond <seanedmond@microsoft.com> CID 453851 : sprintf() shouldn't copy from/to tmp CID 436278 : DHCP6 option_len should be checked before use Signed-off-by: Sean Edmond <seanedmond@microsoft.com> --- cmd/net.c | 12 ++++++------ net/dhcpv6.c | 5 +++++ 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/cmd/net.c b/cmd/net.c index 68d406291e..9e1f40a56e 100644 --- a/cmd/net.c +++ b/cmd/net.c @@ -209,7 +209,7 @@ U_BOOT_CMD( static void netboot_update_env(void) { - char tmp[44]; + char tmp[46]; if (net_gateway.s_addr) { ip_to_string(net_gateway, tmp); @@ -274,20 +274,20 @@ static void netboot_update_env(void) if (IS_ENABLED(CONFIG_IPV6)) { if (!ip6_is_unspecified_addr(&net_ip6) || net_prefix_length != 0) { - sprintf(tmp, "%pI6c", &net_ip6); if (net_prefix_length != 0) - sprintf(tmp, "%s/%d", tmp, net_prefix_length); - + snprintf(tmp, sizeof(tmp), "%pI6c/%d", &net_ip6, net_prefix_length); + else + snprintf(tmp, sizeof(tmp), "%pI6c", &net_ip6); env_set("ip6addr", tmp); } if (!ip6_is_unspecified_addr(&net_server_ip6)) { - sprintf(tmp, "%pI6c", &net_server_ip6); + snprintf(tmp, sizeof(tmp), "%pI6c", &net_server_ip6); env_set("serverip6", tmp); } if (!ip6_is_unspecified_addr(&net_gateway6)) { - sprintf(tmp, "%pI6c", &net_gateway6); + snprintf(tmp, sizeof(tmp), "%pI6c", &net_gateway6); env_set("gatewayip6", tmp); } } diff --git a/net/dhcpv6.c b/net/dhcpv6.c index 0d1c600632..73a1067877 100644 --- a/net/dhcpv6.c +++ b/net/dhcpv6.c @@ -316,6 +316,11 @@ static void dhcp6_parse_options(uchar *rx_pkt, unsigned int len) option_ptr = ((uchar *)option_hdr) + sizeof(struct dhcp6_hdr); option_len = ntohs(option_hdr->option_len); + if (option_ptr + option_len > rx_pkt + len) { + debug("Invalid option length\n"); + return; + } + switch (ntohs(option_hdr->option_id)) { case DHCP6_OPTION_CLIENTID: if (memcmp(option_ptr, sm_params.duid, option_len) -- 2.40.0 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] net: ipv6: Fix CID 453851 and CID 436278 2023-05-18 19:35 ` [PATCH 1/2] net: ipv6: Fix CID 453851 and CID 436278 seanedmond @ 2023-06-10 10:44 ` Ramon Fried 2023-06-14 19:51 ` Tom Rini 1 sibling, 0 replies; 7+ messages in thread From: Ramon Fried @ 2023-06-10 10:44 UTC (permalink / raw) To: seanedmond; +Cc: u-boot, trini, xypron.glpk On Thu, May 18, 2023 at 10:35 PM <seanedmond@linux.microsoft.com> wrote: > > From: Sean Edmond <seanedmond@microsoft.com> > > CID 453851 : sprintf() shouldn't copy from/to tmp > CID 436278 : DHCP6 option_len should be checked before use > > Signed-off-by: Sean Edmond <seanedmond@microsoft.com> > --- > cmd/net.c | 12 ++++++------ > net/dhcpv6.c | 5 +++++ > 2 files changed, 11 insertions(+), 6 deletions(-) > > diff --git a/cmd/net.c b/cmd/net.c > index 68d406291e..9e1f40a56e 100644 > --- a/cmd/net.c > +++ b/cmd/net.c > @@ -209,7 +209,7 @@ U_BOOT_CMD( > > static void netboot_update_env(void) > { > - char tmp[44]; > + char tmp[46]; > > if (net_gateway.s_addr) { > ip_to_string(net_gateway, tmp); > @@ -274,20 +274,20 @@ static void netboot_update_env(void) > if (IS_ENABLED(CONFIG_IPV6)) { > if (!ip6_is_unspecified_addr(&net_ip6) || > net_prefix_length != 0) { > - sprintf(tmp, "%pI6c", &net_ip6); > if (net_prefix_length != 0) > - sprintf(tmp, "%s/%d", tmp, net_prefix_length); > - > + snprintf(tmp, sizeof(tmp), "%pI6c/%d", &net_ip6, net_prefix_length); > + else > + snprintf(tmp, sizeof(tmp), "%pI6c", &net_ip6); > env_set("ip6addr", tmp); > } > > if (!ip6_is_unspecified_addr(&net_server_ip6)) { > - sprintf(tmp, "%pI6c", &net_server_ip6); > + snprintf(tmp, sizeof(tmp), "%pI6c", &net_server_ip6); > env_set("serverip6", tmp); > } > > if (!ip6_is_unspecified_addr(&net_gateway6)) { > - sprintf(tmp, "%pI6c", &net_gateway6); > + snprintf(tmp, sizeof(tmp), "%pI6c", &net_gateway6); > env_set("gatewayip6", tmp); > } > } > diff --git a/net/dhcpv6.c b/net/dhcpv6.c > index 0d1c600632..73a1067877 100644 > --- a/net/dhcpv6.c > +++ b/net/dhcpv6.c > @@ -316,6 +316,11 @@ static void dhcp6_parse_options(uchar *rx_pkt, unsigned int len) > option_ptr = ((uchar *)option_hdr) + sizeof(struct dhcp6_hdr); > option_len = ntohs(option_hdr->option_len); > > + if (option_ptr + option_len > rx_pkt + len) { > + debug("Invalid option length\n"); > + return; > + } > + > switch (ntohs(option_hdr->option_id)) { > case DHCP6_OPTION_CLIENTID: > if (memcmp(option_ptr, sm_params.duid, option_len) > -- > 2.40.0 > Reviewed-by: Ramon Fried <rfried.dev@gmail.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 1/2] net: ipv6: Fix CID 453851 and CID 436278 2023-05-18 19:35 ` [PATCH 1/2] net: ipv6: Fix CID 453851 and CID 436278 seanedmond 2023-06-10 10:44 ` Ramon Fried @ 2023-06-14 19:51 ` Tom Rini 1 sibling, 0 replies; 7+ messages in thread From: Tom Rini @ 2023-06-14 19:51 UTC (permalink / raw) To: seanedmond; +Cc: u-boot, xypron.glpk, rfried.dev [-- Attachment #1: Type: text/plain, Size: 411 bytes --] On Thu, May 18, 2023 at 12:35:40PM -0700, seanedmond@linux.microsoft.com wrote: > From: Sean Edmond <seanedmond@microsoft.com> > > CID 453851 : sprintf() shouldn't copy from/to tmp > CID 436278 : DHCP6 option_len should be checked before use > > Signed-off-by: Sean Edmond <seanedmond@microsoft.com> > Reviewed-by: Ramon Fried <rfried.dev@gmail.com> Applied to u-boot/master, thanks! -- Tom [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 659 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 2/2] net: dhcp6: Fix VCI string 2023-05-18 19:35 [PATCH 0/2] *** minor fixes in DHCP6 *** seanedmond 2023-05-18 19:35 ` [PATCH 1/2] net: ipv6: Fix CID 453851 and CID 436278 seanedmond @ 2023-05-18 19:35 ` seanedmond 2023-06-10 10:44 ` Ramon Fried 2023-06-14 19:51 ` Tom Rini 1 sibling, 2 replies; 7+ messages in thread From: seanedmond @ 2023-05-18 19:35 UTC (permalink / raw) To: u-boot; +Cc: trini, xypron.glpk, rfried.dev From: Sean Edmond <seanedmond@microsoft.com> Change VCI string from "U-boot" to "U-Boot". Signed-off-by: Sean Edmond <seanedmond@microsoft.com> --- net/dhcpv6.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/dhcpv6.h b/net/dhcpv6.h index 80ca520432..65c8e4c71d 100644 --- a/net/dhcpv6.h +++ b/net/dhcpv6.h @@ -38,7 +38,7 @@ #define DUID_MAX_SIZE DUID_LL_SIZE /* only supports DUID-LL currently */ /* vendor-class-data to send in vendor clas option */ -#define DHCP6_VCI_STRING "U-boot" +#define DHCP6_VCI_STRING "U-Boot" #define DHCP6_MULTICAST_ADDR "ff02::1:2" /* DHCP multicast address */ -- 2.40.0 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] net: dhcp6: Fix VCI string 2023-05-18 19:35 ` [PATCH 2/2] net: dhcp6: Fix VCI string seanedmond @ 2023-06-10 10:44 ` Ramon Fried 2023-06-14 19:51 ` Tom Rini 1 sibling, 0 replies; 7+ messages in thread From: Ramon Fried @ 2023-06-10 10:44 UTC (permalink / raw) To: seanedmond; +Cc: u-boot, trini, xypron.glpk On Thu, May 18, 2023 at 10:35 PM <seanedmond@linux.microsoft.com> wrote: > > From: Sean Edmond <seanedmond@microsoft.com> > > Change VCI string from "U-boot" to "U-Boot". > > Signed-off-by: Sean Edmond <seanedmond@microsoft.com> > --- > net/dhcpv6.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/dhcpv6.h b/net/dhcpv6.h > index 80ca520432..65c8e4c71d 100644 > --- a/net/dhcpv6.h > +++ b/net/dhcpv6.h > @@ -38,7 +38,7 @@ > #define DUID_MAX_SIZE DUID_LL_SIZE /* only supports DUID-LL currently */ > > /* vendor-class-data to send in vendor clas option */ > -#define DHCP6_VCI_STRING "U-boot" > +#define DHCP6_VCI_STRING "U-Boot" > > #define DHCP6_MULTICAST_ADDR "ff02::1:2" /* DHCP multicast address */ > > -- > 2.40.0 > Reviewed-by: Ramon Fried <rfried.dev@gmail.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 2/2] net: dhcp6: Fix VCI string 2023-05-18 19:35 ` [PATCH 2/2] net: dhcp6: Fix VCI string seanedmond 2023-06-10 10:44 ` Ramon Fried @ 2023-06-14 19:51 ` Tom Rini 1 sibling, 0 replies; 7+ messages in thread From: Tom Rini @ 2023-06-14 19:51 UTC (permalink / raw) To: seanedmond; +Cc: u-boot, xypron.glpk, rfried.dev [-- Attachment #1: Type: text/plain, Size: 344 bytes --] On Thu, May 18, 2023 at 12:35:41PM -0700, seanedmond@linux.microsoft.com wrote: > From: Sean Edmond <seanedmond@microsoft.com> > > Change VCI string from "U-boot" to "U-Boot". > > Signed-off-by: Sean Edmond <seanedmond@microsoft.com> > Reviewed-by: Ramon Fried <rfried.dev@gmail.com> Applied to u-boot/master, thanks! -- Tom [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 659 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-06-14 19:52 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-05-18 19:35 [PATCH 0/2] *** minor fixes in DHCP6 *** seanedmond 2023-05-18 19:35 ` [PATCH 1/2] net: ipv6: Fix CID 453851 and CID 436278 seanedmond 2023-06-10 10:44 ` Ramon Fried 2023-06-14 19:51 ` Tom Rini 2023-05-18 19:35 ` [PATCH 2/2] net: dhcp6: Fix VCI string seanedmond 2023-06-10 10:44 ` Ramon Fried 2023-06-14 19:51 ` Tom Rini
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox