Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2147734/?format=api
{ "id": 2147734, "url": "http://patchwork.ozlabs.org/api/patches/2147734/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20251009154328.260391-1-philippe.reynes@softathome.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20251009154328.260391-1-philippe.reynes@softathome.com>", "list_archive_url": null, "date": "2025-10-09T15:43:28", "name": "[v2] net: bootp: Prevent buffer overflow to avoid leaking the RAM content", "commit_ref": "81e5708cc2c865df606e49aed5415adb2a662171", "pull_url": null, "state": "accepted", "archived": false, "hash": "e410dcb116cee88ff31fa04a943fe9bee6687892", "submitter": { "id": 74351, "url": "http://patchwork.ozlabs.org/api/people/74351/?format=api", "name": "Philippe Reynes", "email": "philippe.reynes@softathome.com" }, "delegate": { "id": 157425, "url": "http://patchwork.ozlabs.org/api/users/157425/?format=api", "username": "jforissier", "first_name": "Jerome", "last_name": "Forissier", "email": "jerome.forissier@linaro.org" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20251009154328.260391-1-philippe.reynes@softathome.com/mbox/", "series": [ { "id": 476945, "url": "http://patchwork.ozlabs.org/api/series/476945/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=476945", "date": "2025-10-09T15:43:28", "name": "[v2] net: bootp: Prevent buffer overflow to avoid leaking the RAM content", "version": 2, "mbox": "http://patchwork.ozlabs.org/series/476945/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2147734/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2147734/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com\n header.b=pUqWZ+CF;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=none (p=none dis=none) header.from=softathome.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.b=\"pUqWZ+CF\";\n\tdkim-atps=neutral", "phobos.denx.de; dmarc=none (p=none dis=none)\n header.from=softathome.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=philippe.reynes@softathome.com" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature ECDSA (secp384r1))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4cjDjG65NGz1yGS\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 10 Oct 2025 02:45:22 +1100 (AEDT)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 206FE844AE;\n\tThu, 9 Oct 2025 17:45:18 +0200 (CEST)", "by phobos.denx.de (Postfix, from userid 109)\n id 14D328455C; Thu, 9 Oct 2025 17:45:17 +0200 (CEST)", "from PR0P264CU014.outbound.protection.outlook.com\n (mail-francecentralazlp170120004.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c20a::4])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 0A51B84461\n for <u-boot@lists.denx.de>; Thu, 9 Oct 2025 17:45:15 +0200 (CEST)", "from PR3P193CA0041.EURP193.PROD.OUTLOOK.COM (2603:10a6:102:51::16)\n by PARP264MB5871.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:4c0::7) with\n Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9203.9; Thu, 9 Oct\n 2025 15:45:12 +0000", "from PA2PEPF00019231.FRAP264.PROD.OUTLOOK.COM\n (2603:10a6:102:51:cafe::2) by PR3P193CA0041.outlook.office365.com\n (2603:10a6:102:51::16) with Microsoft SMTP Server (version=TLS1_3,\n cipher=TLS_AES_256_GCM_SHA384) id 15.20.9160.17 via Frontend Transport; Thu,\n 9 Oct 2025 15:45:12 +0000", "from proxy.softathome.com (149.6.166.170) by\n PA2PEPF00019231.mail.protection.outlook.com (10.167.242.37) with Microsoft\n SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9203.9\n via Frontend Transport; Thu, 9 Oct 2025 15:45:12 +0000", "from sah1lpt726.home (unknown [192.168.72.32])\n by proxy.softathome.com (Postfix) with ESMTPSA id 2A0E1200CF;\n Thu, 9 Oct 2025 17:45:12 +0200 (CEST)" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2", "ARC-Seal": "i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=MP+jYwdmW9WAgfIxTI/5DTbvl88igg/qewmZ04oYFHkWE9IzyAqUr6e9Kt8Sq3kYCHELMyVKd4Vx+ljYx1oGv+J9nhXcQ5tc2KlKaafdUfiAHsKdj5qumMHbJPgRoA/XNSsfT7RZBF7Ldf7O2gvSkAa2HBOvxR9mVzsI14YrIAZZixPURyQfHQwuU1Ua70W4nPKVyJ7fFcALAkfH9UcF18GtA/2/Q7uB1fZ20PL6yBgGwcnf1/DaC6+bmrn72icQGsqlmM8uTgmChMJoBkF2sK4nkI5MZ3q80wiuLef8dD/yequ44KGX5p4brCUjzsjHcpECvBhCnLLv9fQlwqL3+w==", "ARC-Message-Signature": "i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=yJOztuVz+1orPxhaCDjSbC1rumgOxFkh3j4PNeZ1xus=;\n b=QI4FV93nU6c/c9p4lkaC3IXzrDxxd5Lw75LweCy8dWg5u1rfCDdYh+QN93BexR/kAO0FNcd/YdDur2GvhEHBfZJfJCQDA1V+Bm2EFHP4YSPusBGnV5MbJtJpEXbOr+VYJzPBqhCwW57WzYikxELKDoCdFYp9kYZO4flH3vYlk71BUsBoRlXvhxgrEWUB6nflgJ4ehPoDxKjcR6fP8K5+cLM3l2q19ek5l60dDR1OIGYDC9fpTWHO6DofwNsD0DarFFucrE4oatC5tNORh1ZnUorewp765agJlu6mE2vyvaws16C2v/wUuJR3iIfYbyY+c0kyko6NvUBBn9fMI7FVXw==", "ARC-Authentication-Results": "i=1; mx.microsoft.com 1; spf=pass (sender ip is\n 149.6.166.170) smtp.rcpttodomain=gmail.com smtp.mailfrom=softathome.com;\n dmarc=bestguesspass action=none header.from=softathome.com; dkim=none\n (message not signed); arc=none (0)", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=yJOztuVz+1orPxhaCDjSbC1rumgOxFkh3j4PNeZ1xus=;\n b=pUqWZ+CFX7fXg4O/wdxjgzTTJB8CVjcgo928IBAzn7YBfXqxv6EA4ozzTFhdZy2CuLJWXF0u6ebjdYZyTXxfxAtsTzf1oC3NL9L7HyvrtpPmUYwrW/PLn2O/YVFMjXwjVgo9Tt85eHGmt6Rlc4PF50rFQRtsONzgbBur8p14Cds5Shw+yqjn5/IrhKOCpdRaGKItFWz2aSr7atnIll37/DrjMam2wGmubkrjRG+ekbVVsJnbnQw4pRkq1DxUW/9xDr9rA6l+HeKh/Mx/j7+MLrnZlFCiE/UTZD4K3/NaFR1FMcwwjcNrVHt8+oYnxm8PMuG6I8/0ScOZOO7/vkEdRg==", "X-MS-Exchange-Authentication-Results": "spf=pass (sender IP is 149.6.166.170)\n smtp.mailfrom=softathome.com; dkim=none (message not signed)\n header.d=none;dmarc=bestguesspass action=none header.from=softathome.com;", "Received-SPF": "Pass (protection.outlook.com: domain of softathome.com\n designates 149.6.166.170 as permitted sender)\n receiver=protection.outlook.com; client-ip=149.6.166.170;\n helo=proxy.softathome.com; pr=C", "From": "Philippe Reynes <philippe.reynes@softathome.com>", "To": "joe.hershberger@ni.com, rfried.dev@gmail.com, jerome.forissier@linaro.org,\n festevam@gmail.com", "Cc": "u-boot@lists.denx.de, Paul HENRYS <paul.henrys_ext@softathome.com>,\n Philippe Reynes <philippe.reynes@softathome.com>", "Subject": "[PATCH v2] net: bootp: Prevent buffer overflow to avoid leaking the\n RAM content", "Date": "Thu, 9 Oct 2025 17:43:28 +0200", "Message-ID": "<20251009154328.260391-1-philippe.reynes@softathome.com>", "X-Mailer": "git-send-email 2.43.0", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-EOPAttributedMessage": "0", "X-MS-PublicTrafficType": "Email", "X-MS-TrafficTypeDiagnostic": "PA2PEPF00019231:EE_|PARP264MB5871:EE_", "Content-Type": "text/plain", "X-MS-Office365-Filtering-Correlation-Id": "da07a277-78dc-48c9-5b9e-08de074ad57e", "X-MS-Exchange-SenderADCheck": "1", "X-MS-Exchange-AntiSpam-Relay": "0", "X-Microsoft-Antispam": "BCL:0;\n ARA:13230040|36860700013|376014|1800799024|82310400026;", "X-Microsoft-Antispam-Message-Info": "\n 75r3K9A4Vnh0WVOG4sYlBh97DQbmKkzGEicpq9AgC0AmiupO/ZVDqO3oQdrQV3t1dBO+PfeFSIwOHmcZDwNSxGJ+o/lcS0n1lBOnmC4hc01BJzCffEWBgFD+bKwLScm55TbYKqzYwM0oj8tOOLe4ajBnLAsGnESpX/807M661EGkXyWvrD1xJsd3MCi4urH3jf6OImlN0bH1QvRQJgecz4aGQcOtHK3h3U7Af/EzpR4xdxgEmzWxGE3+dnBMCCbiUdP0A+bvCb7K+Hs/UyyDoFm1iWXOB/aBIQOlk87M9sbW/LjWSCd9g7g5OfGr7Lv+h08qNJMXH+1hfvqdgihfPI00f246YCIk6GxvgowVM0P5/9CW3Unolr7L7RVQZa1B89z/ZoPgOkxrIT7p30CHjClJ0tlHnsWNlaynNZrQL/xgm4y5iTVCp30Xn9HrD5IueFkJ0PWpqcuLgMEX/LZVLwh2+EkvsQp3ZAfW3oXxLJyCu5Qp/8Jjc/s8w8MHI3iGcDwJA53e47Ql+iHAxVAn5E1mhyctTk5IesEgoSwkcQOWbFey6LjAC48MtConRc1gauiKVn6i0PDYmAEFu61lWnl8mT9CDQ3ggWjP4pxQo1xfAlTWCwNPwJqZIU90vxdZBYkkvFqKJSKTAw9RCcgP139BEpC6ZQOW0E8N7LT/LHX/LDaEk0OzxfM98N6I7fNfIzXJxf8MVn3nuAuuntuH6p7ImoQm2eJIdRZyOOblkl501Lx15qyNDfOgwRX0EpBx1mfAmKVIaZUS9Na/cpHsxu8qQK4l/+y+DPx0fY5YMH7F3PkSD/Td417stgnePTG9ZBq+i3do1rjeGYaBlppnXyYYlsfW5Blxy/iTyxHfDTh27e0V1hjfAu7KmorI6nY4VcJzJ05H894ywMIqGo6GX02OcllpFe+Y+Uh/ZguxuL99PQfXv19tnQyKr9wZkVQ7KAVcbZ+5C4M93QagKauGRJ3bYv4hoez3D7ygP0wqJPAXQEpSxbZCOYBSCyrqXmvJoaWL/ac3zVFqCfPadEiqmGIDI47UyGAR8UW01KaPh2dPJb1GTaAlhIGrm+S9V2Ar8O86W5UVHZwDb5vVnz98z9JqXOntxEa2cx+YqzipCwV/kI+NEmAbhZeJEcfggutPJNwBwxXZDj7zHTwlBjFPy9g40hplclpHhBVAiR/Fk6BiJOcCxYesAyFSAX2GjXRCrum4Q4IGdFzqMMYYxTuYUeV2blqncJzRZgV0QjD9B5c/z7kNTkR2x9zKbUprdQB9UFJ4VZhvuO74TUZsPPyCm7wQUwNZkIU9NpHlQWL3NPXKYSxz84kh7dQaU07789klZPFAG+Lea4mVS3UFKv8j9c4PunC5kzaWYg+a/zi6Sebh93kjX/ZndystpuNqPIa84s9lHb5K9ktOE4l7tMGE3aN0xtoj3COz0ZVDaRvX7+yt+qktcMrPqWBCJFAeYTAkt5996AdffutV7adopj4cglSIIYQKLPyyDHpbyIZLz5U3mlZX4uOFe+OeOsfM6e379R5QwbFp8Cy+SmzmbdvJtHD7OLBOONsDYVo2m8P1MdA=", "X-Forefront-Antispam-Report": "CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:;\n IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent;\n CAT:NONE;\n SFS:(13230040)(36860700013)(376014)(1800799024)(82310400026); DIR:OUT;\n SFP:1101;", "X-OriginatorOrg": "softathome.com", "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "09 Oct 2025 15:45:12.3508 (UTC)", "X-MS-Exchange-CrossTenant-Network-Message-Id": "\n da07a277-78dc-48c9-5b9e-08de074ad57e", "X-MS-Exchange-CrossTenant-Id": "aa10e044-e405-4c10-8353-36b4d0cce511", "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp": "\n TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170];\n Helo=[proxy.softathome.com]", "X-MS-Exchange-CrossTenant-AuthSource": "PA2PEPF00019231.FRAP264.PROD.OUTLOOK.COM", "X-MS-Exchange-CrossTenant-AuthAs": "Anonymous", "X-MS-Exchange-CrossTenant-FromEntityHeader": "HybridOnPrem", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "PARP264MB5871", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "From: Paul HENRYS <paul.henrys_ext@softathome.com>\n\nCVE-2024-42040 describes a possible buffer overflow when calling\nbootp_process_vendor() in bootp_handler() since the total length\nof the packet is passed to bootp_process_vendor() without being\nreduced to len-(offsetof(struct bootp_hdr,bp_vend)+4).\n\nThe packet length is also checked against its minimum size to avoid\nreading data from struct bootp_hdr outside of the packet length.\n\nSigned-off-by: Paul HENRYS <paul.henrys_ext@softathome.com>\nSigned-off-by: Philippe Reynes <philippe.reynes@softathome.com>\n---\nHistory:\nv2:\n- remove useless from\n- add Signed-off for Philippe Reynes\n\n net/bootp.c | 11 ++++++++++-\n 1 file changed, 10 insertions(+), 1 deletion(-)", "diff": "diff --git a/net/bootp.c b/net/bootp.c\nindex 19e7453daed..3ab00433bb8 100644\n--- a/net/bootp.c\n+++ b/net/bootp.c\n@@ -379,6 +379,14 @@ static void bootp_handler(uchar *pkt, unsigned dest, struct in_addr sip,\n \tdebug(\"got BOOTP packet (src=%d, dst=%d, len=%d want_len=%zu)\\n\",\n \t src, dest, len, sizeof(struct bootp_hdr));\n \n+\t/* Check the minimum size of a BOOTP packet is respected.\n+\t * A BOOTP packet is between 300 bytes and 576 bytes big\n+\t */\n+\tif (len < offsetof(struct bootp_hdr, bp_vend) + 64) {\n+\t\tprintf(\"Error: got an invalid BOOTP packet (len=%u)\\n\", len);\n+\t\treturn;\n+\t}\n+\n \tbp = (struct bootp_hdr *)pkt;\n \n \t/* Filter out pkts we don't want */\n@@ -396,7 +404,8 @@ static void bootp_handler(uchar *pkt, unsigned dest, struct in_addr sip,\n \n \t/* Retrieve extended information (we must parse the vendor area) */\n \tif (net_read_u32((u32 *)&bp->bp_vend[0]) == htonl(BOOTP_VENDOR_MAGIC))\n-\t\tbootp_process_vendor((uchar *)&bp->bp_vend[4], len);\n+\t\tbootp_process_vendor((uchar *)&bp->bp_vend[4], len -\n+\t\t\t\t (offsetof(struct bootp_hdr, bp_vend) + 4));\n \n \tnet_set_timeout_handler(0, (thand_f *)0);\n \tbootstage_mark_name(BOOTSTAGE_ID_BOOTP_STOP, \"bootp_stop\");\n", "prefixes": [ "v2" ] }