author | Kenneth R Westerback <krw@cvs.openbsd.org> | 2009-03-02 00:00:57 +0000 |
---|---|---|
committer | Kenneth R Westerback <krw@cvs.openbsd.org> | 2009-03-02 00:00:57 +0000 |
commit | ae3d668f2b1517a7b1d3b2f33933e6699fc6cb81 (patch) | |
tree | 7ba27aaed1a04c911b74783caa65c0d9ef71f576 | |
parent | 19342c0a1fd50c5130e405b195e94eb0fdb2c7b2 (diff) |
Send valid ERROR packets to prematurely terminate a transfer.
According to RFC1350 there should always be a terminating NUL.
Andre Gillibert on bugs@ pointed out that the misformed packets
caused Gentoo Linux's tftpd (atftpd) to crash trying to transfer
pxeboot to an OpenBSD machine.
This is slightly different diff than the one proposed by Andre, but
he confirms it also fixes the problem.
"looks like a better diff to me" deraadt@.
-rw-r--r-- | sys/lib/libsa/tftp.c | 5 | ||||
-rw-r--r-- | sys/lib/libsa/tftp.h | 3 |
2 files changed, 5 insertions, 3 deletions
diff --git a/sys/lib/libsa/tftp.c b/sys/lib/libsa/tftp.c
index 9cbce92b217..dd570551724 100644
--- a/sys/lib/libsa/tftp.c
+++ b/sys/lib/libsa/tftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tftp.c,v 1.2 2004/04/02 04:39:51 deraadt Exp $ */
+/* $OpenBSD: tftp.c,v 1.3 2009/03/02 00:00:56 krw Exp $ */
 /* $NetBSD: tftp.c,v 1.15 2003/08/18 15:45:29 dsl Exp $ */
 /*
@@ -239,6 +239,7 @@ tftp_terminate(struct tftp_handle *h)
 char *wtail;
 bzero(&wbuf, sizeof(wbuf));
+ wtail = (char *) &wbuf.t.th_data;
 if (h->islastblock) {
 wbuf.t.th_opcode = htons((u_short) ACK);
@@ -246,8 +247,8 @@ tftp_terminate(struct tftp_handle *h)
 } else {
 wbuf.t.th_opcode = htons((u_short) ERROR);
 wbuf.t.th_code = htons((u_short) ENOSPACE); /* ??? */
+ wtail++; /* ERROR data is a string, thus needs NUL. */
 }
- wtail = (char *) &wbuf.t.th_data;
 (void) sendudp(h->iodesc, &wbuf.t, wtail - (char *) &wbuf.t);
 }
diff --git a/sys/lib/libsa/tftp.h b/sys/lib/libsa/tftp.h
index a041a859a20..3cfc4ddba85 100644
--- a/sys/lib/libsa/tftp.h
+++ b/sys/lib/libsa/tftp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tftp.h,v 1.2 2004/04/02 04:39:51 deraadt Exp $ */
+/* $OpenBSD: tftp.h,v 1.3 2009/03/02 00:00:56 krw Exp $ */
 /* $NetBSD: tftp.h,v 1.3 2003/08/07 16:32:30 agc Exp $ */
 /*
@@ -81,6 +81,7 @@ struct tftphdr {
 char tu_stuff[1]; /* request packet stuff */
 } th_u;
 char th_data[1]; /* data or error string */
+ /* [1] because space needed for NUL. */
 };
 #define th_block th_u.tu_block |
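Review bot: In the tftp_terminate() hunk at -246,8 the ERROR packet's terminating NUL is never stored explicitly; `wtail++` only lengthens what sendudp() transmits by one byte, so the packet is well-formed only because `bzero(&wbuf, sizeof(wbuf))` ran earlier and th_data has one element. Spell that dependency out where the length is bumped, e.g. `wtail++; /* empty error string: th_data[0] is the NUL left by bzero() above */`, so a later change to the zeroing or to the struct does not silently bring back the malformed packet. The `/* ??? */` on ENOSPACE is carried over unchanged; that code presumably maps to RFC 1350's "disk full", which may not describe a client-side abort, so it is worth confirming whether the "not defined" code fits better. The declaration of wbuf and the end of the ACK branch lie outside the hunks shown.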
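Review bot: The comment added to th_data in the tftp.h hunk at -81,6 says why the array has one element but not which code relies on it. Since tftp_terminate() in tftp.c now sends that byte as the empty error string, the header could name the coupling: `/* [1]: th_data[0] is sent as the ERROR string's NUL by tftp_terminate(). */`. Without that, shrinking or re-typing the member looks harmless from the header alone, while the length computed in tftp.c would then reach past the struct. The start of struct tftphdr is outside the hunk.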