Using strstr() instead of strnstr() creates a security concern.
* Implement missing library function strnstr() and add unit tests.
* Use it for lwIP.
* Fix function find_option() which is used to find the TFTP blocksize.
v2:
New patch for find_option()
Heinrich Schuchardt (4):
net: lwip: tftp: fix find_option()
lib: implement strnstr()
test: unit tests for strstr() and strnstr()
net: use strnstr() for lwip_strnstr()
include/linux/string.h | 3 ++
lib/lwip/lwip/src/apps/tftp/tftp.c | 54 +++++++++++++++++++++++++-----
lib/lwip/u-boot/arch/cc.h | 2 +-
lib/string.c | 49 ++++++++++++++++++---------
test/lib/string.c | 40 ++++++++++++++++++++++
5 files changed, 123 insertions(+), 25 deletions(-)
--
2.47.1
