From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>,
BAREBOX <barebox@lists.infradead.org>
Cc: "Claude Opus 4.6" <noreply@anthropic.com>
Subject: Re: [PATCH 00/10] net: prevent buffer overflows in UDP packets
Date: Fri, 17 Apr 2026 12:21:40 +0200 [thread overview]
Message-ID: <7ad46afe-923f-4dfb-a87e-7453d00f205a@pengutronix.de> (raw)
In-Reply-To: <20260402-net-eth-do-udp-v1-0-af5d9fd6beec@pengutronix.de>
Hello Sascha,
On 4/2/26 8:36 AM, Sascha Hauer wrote:
> Our UDP handlers all use a UDP packets length without checking if it
> fits into the incoming ethernet frame. Create a net_eth_to_udp() helper
> which does the bounds checking and use it throughout the code.
Thanks for the fixes!
For the protocols, I'd probably have used a macro:
struct ntp_packet *ntp;
ntp = net_eth_to_udp_proto(pkt, len, struct ntp_packet, &udp);
if (!ntp)
return;
But that's just personal taste.
A number of places were passing frame length although they have advanced
the base pointer. They all seem fixed here, but there's may be potential
for breakage because of incorrect assumptions that no longer hold.
I guess we will see.
Thanks again,
Ahmad
>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> ---
> Sascha Hauer (10):
> net: add net_eth_to_udp() helper for validated UDP extraction
> fs: tftp: use net_eth_to_udp() for packet parsing
> net: dhcp: use net_eth_to_udp() for packet parsing
> fs: nfs: use net_eth_to_udp() for packet parsing
> net: dns: use net_eth_to_udp() for packet parsing
> net: sntp: use net_eth_to_udp() for packet parsing
> net: netconsole: use net_eth_to_udp() for packet parsing
> net: fastboot: use net_eth_to_udp() for packet parsing
> net: fastboot: stop using net_eth_to_udp_payload() for PACKET_SIZE
> net: remove unused net_eth_to_udp{hdr,_payload,len}() helpers
>
> fs/nfs.c | 11 +++++++----
> fs/tftp.c | 9 +++++----
> include/net.h | 21 +++++++--------------
> net/dhcp.c | 16 +++++++++-------
> net/dns.c | 9 ++++++---
> net/fastboot.c | 25 ++++++++++++++++---------
> net/net.c | 40 ++++++++++++++++++++++++++++++++++++++++
> net/netconsole.c | 7 +++++--
> net/sntp.c | 14 +++++++++-----
> 9 files changed, 104 insertions(+), 48 deletions(-)
> ---
> base-commit: 0933e8f2ebf0d91dfcf177a4e4292b02921a53f1
> change-id: 20260402-net-eth-do-udp-327f4e65ddd5
>
> Best regards,
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2026-04-17 10:22 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-02 6:36 Sascha Hauer
2026-04-02 6:36 ` [PATCH 01/10] net: add net_eth_to_udp() helper for validated UDP extraction Sascha Hauer
2026-04-17 10:04 ` Ahmad Fatoum
2026-04-02 6:36 ` [PATCH 02/10] fs: tftp: use net_eth_to_udp() for packet parsing Sascha Hauer
2026-04-17 10:05 ` Ahmad Fatoum
2026-04-02 6:36 ` [PATCH 03/10] net: dhcp: " Sascha Hauer
2026-04-17 10:07 ` Ahmad Fatoum
2026-04-02 6:36 ` [PATCH 04/10] fs: nfs: " Sascha Hauer
2026-04-17 10:10 ` Ahmad Fatoum
2026-04-02 6:36 ` [PATCH 05/10] net: dns: " Sascha Hauer
2026-04-17 10:10 ` Ahmad Fatoum
2026-04-02 6:36 ` [PATCH 06/10] net: sntp: " Sascha Hauer
2026-04-17 10:12 ` Ahmad Fatoum
2026-04-02 6:36 ` [PATCH 07/10] net: netconsole: " Sascha Hauer
2026-04-17 10:12 ` Ahmad Fatoum
2026-04-02 6:36 ` [PATCH 08/10] net: fastboot: " Sascha Hauer
2026-04-17 10:14 ` Ahmad Fatoum
2026-04-02 6:36 ` [PATCH 09/10] net: fastboot: stop using net_eth_to_udp_payload() for PACKET_SIZE Sascha Hauer
2026-04-17 10:17 ` Ahmad Fatoum
2026-04-02 6:36 ` [PATCH 10/10] net: remove unused net_eth_to_udp{hdr,_payload,len}() helpers Sascha Hauer
2026-04-17 10:17 ` Ahmad Fatoum
2026-04-17 10:21 ` Ahmad Fatoum [this message]
2026-04-17 10:40 ` [PATCH 00/10] net: prevent buffer overflows in UDP packets Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7ad46afe-923f-4dfb-a87e-7453d00f205a@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=noreply@anthropic.com \
--cc=s.hauer@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox