[PATCH 00/10] net: prevent buffer overflows in UDP packets

Ahmad Fatoum a.fatoum at pengutronix.de
Fri Apr 17 03:21:40 PDT 2026 

Hello Sascha,

On 4/2/26 8:36 AM, Sascha Hauer wrote:
> Our UDP handlers all use a UDP packets length without checking if it
> fits into the incoming ethernet frame. Create a net_eth_to_udp() helper
> which does the bounds checking and use it throughout the code.

Thanks for the fixes!

For the protocols, I'd probably have used a macro:

	struct ntp_packet *ntp;

	ntp = net_eth_to_udp_proto(pkt, len, struct ntp_packet, &udp);
	if (!ntp)
		return;

But that's just personal taste.

A number of places were passing frame length although they have advanced
the base pointer. They all seem fixed here, but there's may be potential
for breakage because of incorrect assumptions that no longer hold.

I guess we will see.

Thanks again,
Ahmad

> 
> Signed-off-by: Sascha Hauer <s.hauer at pengutronix.de>
> ---
> Sascha Hauer (10):
>       net: add net_eth_to_udp() helper for validated UDP extraction
>       fs: tftp: use net_eth_to_udp() for packet parsing
>       net: dhcp: use net_eth_to_udp() for packet parsing
>       fs: nfs: use net_eth_to_udp() for packet parsing
>       net: dns: use net_eth_to_udp() for packet parsing
>       net: sntp: use net_eth_to_udp() for packet parsing
>       net: netconsole: use net_eth_to_udp() for packet parsing
>       net: fastboot: use net_eth_to_udp() for packet parsing
>       net: fastboot: stop using net_eth_to_udp_payload() for PACKET_SIZE
>       net: remove unused net_eth_to_udp{hdr,_payload,len}() helpers
> 
>  fs/nfs.c         | 11 +++++++----
>  fs/tftp.c        |  9 +++++----
>  include/net.h    | 21 +++++++--------------
>  net/dhcp.c       | 16 +++++++++-------
>  net/dns.c        |  9 ++++++---
>  net/fastboot.c   | 25 ++++++++++++++++---------
>  net/net.c        | 40 ++++++++++++++++++++++++++++++++++++++++
>  net/netconsole.c |  7 +++++--
>  net/sntp.c       | 14 +++++++++-----
>  9 files changed, 104 insertions(+), 48 deletions(-)
> ---
> base-commit: 0933e8f2ebf0d91dfcf177a4e4292b02921a53f1
> change-id: 20260402-net-eth-do-udp-327f4e65ddd5
> 
> Best regards,

-- 
Pengutronix e.K.                  |                             |
Steuerwalder Str. 21              | http://www.pengutronix.de/  |
31137 Hildesheim, Germany         | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686  | Fax:   +49-5121-206917-5555 |

More information about the barebox mailing list