authorKenneth R Westerback <krw@cvs.openbsd.org>2009-03-02 00:00:57 +0000
committerKenneth R Westerback <krw@cvs.openbsd.org>2009-03-02 00:00:57 +0000
commitae3d668f2b1517a7b1d3b2f33933e6699fc6cb81 (patch)
tree7ba27aaed1a04c911b74783caa65c0d9ef71f576
parent19342c0a1fd50c5130e405b195e94eb0fdb2c7b2 (diff)
Send valid ERROR packets to prematurely terminate a transfer.
According to RFC1350 there should always be a terminating NUL. Andre Gillibert on bugs@ pointed out that the malformed packets caused Gentoo Linux's tftpd (atftpd) to crash trying to transfer pxeboot to an OpenBSD machine. This is a slightly different diff than the one proposed by Andre, but he confirms it also fixes the problem. "looks like a better diff to me" deraadt@.
-rw-r--r--sys/lib/libsa/tftp.c5
-rw-r--r--sys/lib/libsa/tftp.h3
2 files changed, 5 insertions, 3 deletions
diff --git a/sys/lib/libsa/tftp.c b/sys/lib/libsa/tftp.c
index 9cbce92b217..dd570551724 100644
--- a/sys/lib/libsa/tftp.c
+++ b/sys/lib/libsa/tftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tftp.c,v 1.2 2004/04/02 04:39:51 deraadt Exp $ */
+/* $OpenBSD: tftp.c,v 1.3 2009/03/02 00:00:56 krw Exp $ */
/* $NetBSD: tftp.c,v 1.15 2003/08/18 15:45:29 dsl Exp $ */
/*
@@ -239,6 +239,7 @@ tftp_terminate(struct tftp_handle *h)
char *wtail;
bzero(&wbuf, sizeof(wbuf));
+ wtail = (char *) &wbuf.t.th_data;
if (h->islastblock) {
wbuf.t.th_opcode = htons((u_short) ACK);
@@ -246,8 +247,8 @@ tftp_terminate(struct tftp_handle *h)
} else {
wbuf.t.th_opcode = htons((u_short) ERROR);
wbuf.t.th_code = htons((u_short) ENOSPACE); /* ??? */
+ wtail++; /* ERROR data is a string, thus needs NUL. */
}
- wtail = (char *) &wbuf.t.th_data;
(void) sendudp(h->iodesc, &wbuf.t, wtail - (char *) &wbuf.t);
}
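Review bot: The terminating NUL in the ERROR branch of tftp_terminate is never stored explicitly: `wtail++` only extends the send length by one byte, and that byte is zero solely because of the earlier `bzero(&wbuf, sizeof(wbuf))`. Writing it as `*wtail++ = '\0'; /* ERROR message is a NUL-terminated string */` would keep the packet well-formed even if the buffer initialisation changes later or a real error string is added. The declaration of wbuf lies outside these hunks, so its size cannot be confirmed from here; the extra byte appears to be the `th_data[1]` member from tftp.h. The `wtail` initialisation moved up in the preceding hunk is part of the same change and needs no separate note.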
diff --git a/sys/lib/libsa/tftp.h b/sys/lib/libsa/tftp.h
index a041a859a20..3cfc4ddba85 100644
--- a/sys/lib/libsa/tftp.h
+++ b/sys/lib/libsa/tftp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tftp.h,v 1.2 2004/04/02 04:39:51 deraadt Exp $ */
+/* $OpenBSD: tftp.h,v 1.3 2009/03/02 00:00:56 krw Exp $ */
/* $NetBSD: tftp.h,v 1.3 2003/08/07 16:32:30 agc Exp $ */
/*
@@ -81,6 +81,7 @@ struct tftphdr {
char tu_stuff[1]; /* request packet stuff */
} th_u;
char th_data[1]; /* data or error string */
+ /* [1] because space needed for NUL. */
};
#define th_block th_u.tu_block