u-boot/net at d6694018eaddefac6aae974f9cec72fd6e58f1bc - u-boot - SherryJam Gitea

Mirrors/u-boot

mirror of https://source.denx.de/u-boot/u-boot.git synced 2026-06-02 09:46:37 +03:00

Files

History

Sebastian Josue Alba Vives d6694018ea net: nfs: fix buffer overflow in nfs_readlink_reply()

nfs_readlink_reply() validates rlen only against the incoming packet
length (inherited from CVE-2019-14195), but not against the destination
buffer nfs_path_buff[2048]. A malicious NFS server can send a valid
READLINK reply where pathlen + rlen exceeds sizeof(nfs_path_buff),
overflowing the BSS buffer into adjacent memory.

The recent fix in fd6e3d3409 addressed the same overflow class in
net/lwip/nfs.c but left the legacy path in net/nfs-common.c unpatched.

Add bounds checks before both memcpy calls in nfs_readlink_reply():
- relative path branch: reject if pathlen + rlen >= sizeof(nfs_path_buff)
- absolute path branch: reject if rlen >= sizeof(nfs_path_buff)

Fixes: cf3a4f1e86 ("net: nfs: Fix CVE-2019-14195")
Cc: stable@vger.kernel.org
Signed-off-by: Sebastian Alba Vives <sebasjosue84@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@arm.com>

2026-05-06 11:07:22 +02:00

..

net: lwip: tftp: update image_load_addr after successful transfer

2026-03-31 16:54:49 +02:00

arp.c

net: add missing SPDX-License-Identifier for files originating from LiMon

2025-08-18 15:47:57 +02:00

arp.h

net: add missing SPDX-License-Identifier for files originating from LiMon

2025-08-18 15:47:57 +02:00

bootp.c

net: bootp: Drop unused code

2026-03-31 16:54:49 +02:00

bootp.h

net: Remove BOOTP_VENDOREX support

2025-10-22 11:16:09 +02:00

cdp.c

net: add missing SPDX-License-Identifier for files originating from LiMon

2025-08-18 15:47:57 +02:00

cdp.h

net: add missing SPDX-License-Identifier for files originating from LiMon

2025-08-18 15:47:57 +02:00

dhcpv6.c

net: consolidate PXE processor architecture type Kconfig

2025-06-26 08:17:17 -06:00

dhcpv6.h

net: dhcp6: Send DHCPv6 using multicast MAC

2025-04-23 09:58:07 +02:00

dns.c

net: Remove duplicate newlines

2024-07-15 12:12:18 -06:00

dns.h

SPDX: Convert all of our single license tags to Linux Kernel style

2018-05-07 09:34:12 -04:00

dsa-uclass.c

net: dsa: Fix OF fallback lookup for ports

2023-06-14 18:38:25 +08:00

eth_bootdev.c

net: eth_bootdev_hunt() should not run DHCP

2025-01-05 02:30:48 +01:00

eth_common.c

miiphy: define mii_devs with LIST_HEAD()

2025-03-04 08:03:47 -06:00

eth_internal.h

net: remove duplicate eth_env_set_enetaddr_by_index() declaration

2024-07-31 17:55:08 -06:00

eth-uclass.c

treewide: Clean up DECLARE_GLOBAL_DATA_PTR usage

2026-02-17 13:50:22 -06:00

fastboot_tcp.c

net/tcp: improve tcp framework, use better state machine

2024-12-28 11:59:42 -06:00

fastboot_udp.c

Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"

2024-05-20 13:35:03 -06:00

Kconfig

net: make NET a menuconfig (and downgrade NO_NET to a simple config)

2026-04-27 11:26:40 -06:00

link_local.c

net: Remove env_get_ip helper() function

2025-05-29 08:30:24 -06:00

link_local.h

global: Drop common.h inclusion

2023-12-21 08:54:37 -05:00

Makefile

simplify NET_LEGACY || NET_LWIP condition with NET condition

2026-04-27 11:26:40 -06:00

mdio-mux-uclass.c

Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"

2024-05-20 13:35:03 -06:00

mdio-uclass.c

net: mdio-uclass: introduce dm_eth_phy_connect_interface()

2025-10-10 11:07:44 -06:00

ndisc.c

Fix neighbor discovery ethernet address saving

2025-01-01 14:40:04 -06:00

net6.c

Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"

2024-05-20 13:35:03 -06:00

net_rand.h

net: add missing SPDX-License-Identifier for files originating from LiMon

2025-08-18 15:47:57 +02:00

net-common.c

net: Move some variables to net-common files

2026-01-15 11:09:28 +01:00

net.c

net: Stop conflating return value with file size in net_loop()

2026-02-06 16:37:31 +01:00

nfs-common.c

net: nfs: fix buffer overflow in nfs_readlink_reply()

2026-05-06 11:07:22 +02:00

nfs-common.h

net: nfs: Move most NFS code to common files

2026-01-15 11:09:28 +01:00

nfs.c

net: nfs: Move most NFS code to common files

2026-01-15 11:09:28 +01:00

nfs.h

net: nfs: Move most NFS code to common files

2026-01-15 11:09:28 +01:00

pcap.c

net: Include env.h in pcap.c

2025-05-29 08:30:25 -06:00

ping6.c

Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"

2024-05-20 13:35:03 -06:00

ping.c

net: add missing SPDX-License-Identifier for files originating from LiMon

2025-08-18 15:47:57 +02:00

ping.h

net: add missing SPDX-License-Identifier for files originating from LiMon

2025-08-18 15:47:57 +02:00

rarp.c

net: Remove duplicate newlines

2024-07-15 12:12:18 -06:00

rarp.h

SPDX: Convert all of our single license tags to Linux Kernel style

2018-05-07 09:34:12 -04:00

sntp.c

net: extract function net_sntp_set_rtc() from sntp_handler()

2025-07-08 11:07:37 +02:00

tcp.c

net: Incorrect NOP macro used for test

2025-08-01 09:30:47 +02:00

tftp.c

Merge patch series "treewide: Clean up usage of DECLARE_GLOBAL_DATA_PTR"

2026-02-17 13:51:26 -06:00

udp.c

Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"

2024-05-20 13:35:03 -06:00

wget.c

treewide: Clean up DECLARE_GLOBAL_DATA_PTR usage

2026-02-17 13:50:22 -06:00

wol.c

Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"

2024-05-20 13:35:03 -06:00

wol.h

net: Add new wol command - Wake on LAN

2018-07-02 14:14:20 -05:00