diff options
| author | Francois Berder <[email protected]> | 2026-05-11 15:37:58 +0200 |
|---|---|---|
| committer | Jerome Forissier <[email protected]> | 2026-06-03 17:22:24 +0200 |
| commit | a38bf2121a398538730cd42a0cf3db8f80119c62 (patch) | |
| tree | 42fce64a65afbe7f8cf416561fea96cdad1d3bc5 | |
| parent | 919af6e49b1c013e8ed138f16ad2196f66900547 (diff) | |
net: sntp: Check packet length in sntp_handler
Currently, the sntp_handler uses data in the UDP packet
regardless of the actual packet size. A OOB read can occur
if the packet is too small.
Fix it by checking the packet length before extracting
seconds from a SNTP packet.
Signed-off-by: Francois Berder <[email protected]>
Reviewed-by: Jerome Forissier <[email protected]>
| -rw-r--r-- | net/sntp.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/sntp.c b/net/sntp.c index 77cee0046bd..4b3dc675bab 100644 --- a/net/sntp.c +++ b/net/sntp.c @@ -64,6 +64,9 @@ static void sntp_handler(uchar *pkt, unsigned dest, struct in_addr sip, if (dest != sntp_our_port) return; + if (len < SNTP_PACKET_LEN) + return; + /* * As the RTC's used in U-Boot support second resolution only * we simply ignore the sub-second field. |