On Mon, 3 Feb 2025 at 11:12, Heinrich Schuchardt
<heinrich.schucha...@canonical.com> wrote:
>
> Using strstr() instead of strnstr() creates a security concern.
>
> Fixes: 1c41a7afaa15 ("net: lwip: build lwIP")
> Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com>
> Reviewed-by: Jerome Forissier <jerome.foriss...@linaro.org>
> ---
> v3:
>         no change
> v2:
>         no change
> ---
>  lib/lwip/u-boot/arch/cc.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/lwip/u-boot/arch/cc.h b/lib/lwip/u-boot/arch/cc.h
> index de138846358..6104c296f6f 100644
> --- a/lib/lwip/u-boot/arch/cc.h
> +++ b/lib/lwip/u-boot/arch/cc.h
> @@ -34,7 +34,7 @@
>                x, __LINE__, __FILE__); } while (0)
>
>  #define atoi(str) (int)dectoul(str, NULL)
> -#define lwip_strnstr(a, b, c)  strstr(a, b)
> +#define lwip_strnstr(a, b, c)  strnstr(a, b, c)
>
>  #define LWIP_ERR_T int
>  #define LWIP_CONST_CAST(target_type, val) ((target_type)((uintptr_t)val))
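
Review bot: On the `+#define lwip_strnstr(a, b, c)  strnstr(a, b, c)` line, nothing in this hunk shows cc.h including a header that declares strnstr(). Please confirm that every file expanding lwip_strnstr() sees a prototype, or add the include next to this define. The commit message would also be easier to audit if it said what the concern is: the removed line discarded the length argument `c`, so the search was bounded only by a NUL terminator and not by the length the caller passed.
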
> --
> 2.47.1
>

Reviewed-by: Ilias Apalodimas <ilias.apalodi...@linaro.org>
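
Why the dropped length argument matters, as an added example that is not part of the patch or of U-Boot/lwIP code: `bounded_strstr()` is a hypothetical stand-in for a strnstr()-style search, and the buffer contents and `VALID_LEN` are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 16 valid bytes, then stale bytes left over from an
 * earlier use of the same storage (still NUL-terminated, so strstr() is
 * well-defined here and the difference is observable). */
static const char storage[] = "HTTP/1.1 200 OK\n" "stale\r\n\r\nleftover";
#define VALID_LEN 16

/* Hypothetical stand-in for a strnstr()-style search: looks at no more than
 * len bytes of hay and stops at a NUL. Not U-Boot's or lwIP's code. */
static const char *bounded_strstr(const char *hay, const char *needle, size_t len)
{
	size_t nlen = strlen(needle);
	size_t i;

	if (nlen == 0)
		return hay;
	for (i = 0; i + nlen <= len && hay[i] != '\0'; i++) {
		if (memcmp(hay + i, needle, nlen) == 0)
			return hay + i;
	}
	return NULL;
}

/* Offset of the header terminator when the length is ignored (old macro). */
static long unbounded_offset(void)
{
	const char *p = strstr(storage, "\r\n\r\n");
	return p ? (long)(p - storage) : -1;
}

/* Offset when the search honours the caller's length (new macro's intent). */
static long bounded_offset(size_t len)
{
	const char *p = bounded_strstr(storage, "\r\n\r\n", len);
	return p ? (long)(p - storage) : -1;
}

int main(void)
{
	printf("length ignored: %ld\n", unbounded_offset());
	printf("length %d honoured: %ld\n", VALID_LEN, bounded_offset(VALID_LEN));
	return 0;
}
```

With the length ignored, the match comes from stale bytes past the valid region; had the storage lacked a terminating NUL, the same call would read out of bounds.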
