diff options
| author |   krw <krw@openbsd.org> | 2009-03-02 00:00:56 +0000 |
|---|---|---|
| committer | krw <krw@openbsd.org> | 2009-03-02 00:00:56 +0000 |
| commit | 07d35e5df61ff19b900fe978900035cd6c44f0e2 (patch) | |
| tree | 0c3412bf30721d09b44bcfbdb7c0f2daf4f38823 /sys/lib/libsa/tftp.c | |
| parent | Switch more info printfs to debug. The average user doesn't want to see (diff) | |
| download | wireguard-openbsd-07d35e5df61ff19b900fe978900035cd6c44f0e2.tar.xz wireguard-openbsd-07d35e5df61ff19b900fe978900035cd6c44f0e2.zip | |
Send valid ERROR packets to prematurely terminate a transfer.
According to RFC1350 there should be always be a terminating NUL.
Andre Gillibert on bugs@ pointed out that the misformed packets
caused Gentoo Linux's tftpd (atftpd) to crash trying to transfer
pxeboot to an OpenBSD machine.
This is slightly different diff than the one proposed by Andre, but
he confirms it also fixes the problem.
"looks like a better diff to me" deraadt@.
Diffstat (limited to 'sys/lib/libsa/tftp.c')
| -rw-r--r-- | sys/lib/libsa/tftp.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/sys/lib/libsa/tftp.c b/sys/lib/libsa/tftp.c index 9cbce92b217..dd570551724 100644 --- a/sys/lib/libsa/tftp.c +++ b/sys/lib/libsa/tftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tftp.c,v 1.2 2004/04/02 04:39:51 deraadt Exp $ */ +/* $OpenBSD: tftp.c,v 1.3 2009/03/02 00:00:56 krw Exp $ */ /* $NetBSD: tftp.c,v 1.15 2003/08/18 15:45:29 dsl Exp $ */ /* @@ -239,6 +239,7 @@ tftp_terminate(struct tftp_handle *h) char *wtail; bzero(&wbuf, sizeof(wbuf)); + wtail = (char *) &wbuf.t.th_data; if (h->islastblock) { wbuf.t.th_opcode = htons((u_short) ACK); @@ -246,8 +247,8 @@ tftp_terminate(struct tftp_handle *h) } else { wbuf.t.th_opcode = htons((u_short) ERROR); wbuf.t.th_code = htons((u_short) ENOSPACE); /* ??? */ + wtail++; /* ERROR data is a string, thus needs NUL. */ } - wtail = (char *) &wbuf.t.th_data; (void) sendudp(h->iodesc, &wbuf.t, wtail - (char *) &wbuf.t); } |