On 21.01.25 02:05, Tom Rini wrote:
On Sat, Jan 04, 2025 at 12:21:18AM +0100, Heinrich Schuchardt wrote:

Using strstr() instead of strnstr() creates a security concern.

Fixes: 1c41a7afaa15 ("net: lwip: build lwIP")
Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
Reviewed-by: Jerome Forissier <jerome.foriss...@linaro.org>
---
  lib/lwip/u-boot/arch/cc.h | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/lwip/u-boot/arch/cc.h b/lib/lwip/u-boot/arch/cc.h
index de138846358..6104c296f6f 100644
--- a/lib/lwip/u-boot/arch/cc.h
+++ b/lib/lwip/u-boot/arch/cc.h
@@ -34,7 +34,7 @@
               x, __LINE__, __FILE__); } while (0)
#define atoi(str) (int)dectoul(str, NULL)
-#define lwip_strnstr(a, b, c)  strstr(a, b)
+#define lwip_strnstr(a, b, c)  strnstr(a, b, c)
#define LWIP_ERR_T int
  #define LWIP_CONST_CAST(target_type, val) ((target_type)((uintptr_t)val))
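
Review bot: the commit message says only that strstr() "creates a security concern"; it should state what goes wrong at the changed lwip_strnstr(a, b, c) line, namely that the old expansion discards the length argument c, so the search continues until a NUL byte instead of stopping after c bytes of a. The hunk also does not show where strnstr() is declared, so please confirm that a header already pulled in by cc.h provides a prototype for it in every configuration that builds lwIP. A sentence in the commit message naming the lwIP caller that passes a length-bounded, possibly unterminated buffer would also help reviewers judge the impact.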

This leads to:
https://dev.azure.com/u-boot/u-boot/_build/results?buildId=10370&view=logs&j=45c0c132-56cd-504a-56c7-1b8a534aa92b&t=f95d3367-9db2-5f2a-d3ed-8901d714dd66
as a failure, that I only end up seeing in Azure (I didn't track down if
there's some good reason we don't see this in Gitlab).


Hello Tom,

It is not really clear how

    Lab failure: Timeout executing 'tftpboot 40400000 u-boot.bin

could be related to this patch series.

    git grep -ni strstr net/

only shows usage in wget but not in tftp.

Is this test result reproducible in Azure?

Best regards

Heinrich
