LM
/
u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX: CVE-2022-30790, CVE-2022-30552 

BugzId: 80018
BugzId: 80019
This commit is contained in:
Marcel Reichmuth 2022-06-09 09:32:06 +02:00
parent ea62802ceb
commit 0d562ef932
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/net.h
View File

@ -379,6 +379,8 @@ struct ip_hdr {
#define IP_HDR_SIZE (sizeof(struct ip_hdr)) #define IP_HDR_SIZE (sizeof(struct ip_hdr))
#define IP_MIN_FRAG_DATAGRAM_SIZE (IP_HDR_SIZE + 8)
/* /*
* Internet Protocol (IP) + UDP header. * Internet Protocol (IP) + UDP header.
*/ */

3
net/net.c
View File

@ -862,6 +862,9 @@ static struct ip_udp_hdr *__net_defragment(struct ip_udp_hdr *ip, int *lenp)
int offset8, start, len, done = 0; int offset8, start, len, done = 0;
u16 ip_off = ntohs(ip->ip_off); u16 ip_off = ntohs(ip->ip_off);
if (ip->ip_len < IP_MIN_FRAG_DATAGRAM_SIZE)
return NULL;
/* payload starts after IP header, this fragment is in there */ /* payload starts after IP header, this fragment is in there */
payload = (struct hole *)(pkt_buff + IP_HDR_SIZE); payload = (struct hole *)(pkt_buff + IP_HDR_SIZE);
offset8 = (ip_off & IP_OFFS); offset8 = (ip_off & IP_OFFS);