u-boot.git/net, branch v2020.01-rc4

common: Move get_ticks() function out of common.h

2019-12-02T23:23:13Z

This function belongs in time.h so move it over and add a comment. Signed-off-by: Simon Glass Reviewed-by: Tom Rini

common: Move random-number functions into their own header

2019-12-02T23:23:07Z

Create a new rand.h header file and move functions into it, to reduce the size of common.h Signed-off-by: Simon Glass Reviewed-by: Tom Rini

Drop CONFIG_SHOW_ACTIVITY

2019-12-02T23:23:06Z

This feature is not enabled by any board. Drop it. Signed-off-by: Simon Glass

net: nfs: remove superfluous packed attribute

2019-09-04T16:37:19Z

With GCC 9.2.1 net/nfs.c leads to multiple errors of type address-of-packed-member. net/nfs.c: In function ‘rpc_req’: net/nfs.c:199:18: error: taking address of packed member of ‘struct rpc_t’ may result in an unaligned pointer value [-Werror=address-of-packed-member] 199 | p = (uint32_t *)&(rpc_pkt.u.call.data); | ^~~~~~~~~~~~~~~~~~~~~~ net/nfs.c: In function ‘nfs_readlink_reply’: net/nfs.c:631:46: error: taking address of packed member of ‘struct rpc_t’ may result in an unaligned pointer value [-Werror=address-of-packed-member] 631 | nfs3_get_attributes_offset(rpc_pkt.u.reply.data); | ~~~~~~~~~~~~~~~^~~~~ LD drivers/block/built-in.o net/nfs.c: In function ‘nfs_read_reply’: net/nfs.c:692:46: error: taking address of packed member of ‘struct rpc_t’ may result in an unaligned pointer value [-Werror=address-of-packed-member] 692 | nfs3_get_attributes_offset(rpc_pkt.u.reply.data); | ~~~~~~~~~~~~~~~^~~~~ struct rpc_t is only used as local variable. It is naturally packed. So there is no need for the attribute packed. Signed-off-by: Heinrich Schuchardt Reviewed-by: Bin Meng Acked-by: Joe Hershberger

net: nfs: remove superfluous conversions

2019-09-04T16:37:19Z

rpc_pkt.u.call.data is an array of uint32_t. There is no need to convert it to uint32_t *. memcpy() expects void * as it 1st and 2nd argument. There is no point in converting pointers to char * before passing them to memcpy(). In ntohl(data[1]) != 0 calling ntohl() is superfluous. If the value is zero, does not depend on the byte order. Signed-off-by: Heinrich Schuchardt Reviewed-by: Bin Meng Acked-by: Joe Hershberger

CVE-2019-14196: nfs: fix unbounded memcpy with a failed length check at nfs_lookup_reply

2019-09-04T16:37:19Z

This patch adds a check to rpc_pkt.u.reply.data at nfs_lookup_reply. Signed-off-by: Cheng Liu Reported-by: Fermín Serna Acked-by: Joe Hershberger

CVE-2019-14195: nfs: fix unbounded memcpy with unvalidated length at nfs_readlink_reply

2019-09-04T16:37:19Z

This patch adds a check to rpc_pkt.u.reply.data at nfs_readlink_reply. Signed-off-by: Cheng Liu Reported-by: Fermín Serna Acked-by: Joe Hershberger

CVE-2019-14194/CVE-2019-14198: nfs: fix unbounded memcpy with a failed length check at nfs_read_reply

2019-09-04T16:37:19Z

This patch adds a check to rpc_pkt.u.reply.data at nfs_read_reply. Signed-off-by: Cheng Liu Reported-by: Fermín Serna Acked-by: Joe Hershberger

CVE: nfs: fix stack-based buffer overflow in some nfs_handler reply helper functions

2019-09-04T16:37:19Z

This patch adds a check to nfs_handler to fix buffer overflow for CVE-2019-14197, CVE-2019-14200, CVE-2019-14201, CVE-2019-14202, CVE-2019-14203 and CVE-2019-14204. Signed-off-by: Cheng Liu Reported-by: Fermín Serna Acked-by: Joe Hershberger

CVE: net: fix unbounded memcpy of UDP packet

2019-09-04T16:37:19Z

This patch adds a check to udp_len to fix unbounded memcpy for CVE-2019-14192, CVE-2019-14193 and CVE-2019-14199. Signed-off-by: Cheng Liu Reviewed-by: Simon Goldschmidt Reported-by: Fermín Serna Acked-by: Joe Hershberger