[PATCH v2 1/2] tftp: fix off by one error

Aaro Koskinen aaro.koskinen at iki.fi
Mon Sep 1 20:24:15 UTC 2014


RFC 2347 allows requests to be up to 512 bytes, so a request equal
to sizeof(G.block_buf) should be fine.

The remaining result > sizeof(G.block_buf) check would be redundant,
since the recv function should take care of not overrunning the buffer,
so delete that too.

Signed-off-by: Aaro Koskinen <aaro.koskinen at iki.fi>
---
 networking/tftp.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/networking/tftp.c b/networking/tftp.c
index 630fdaf..de616b7 100644
--- a/networking/tftp.c
+++ b/networking/tftp.c
@@ -799,8 +799,7 @@ int tftpd_main(int argc UNUSED_PARAM, char **argv)
 
 	error_msg = "malformed packet";
 	opcode = ntohs(*(uint16_t*)G.block_buf);
-	if (result < 4 || result >= sizeof(G.block_buf)
-	 || G.block_buf[result-1] != '\0'
+	if (result < 4 || G.block_buf[result-1] != '\0'
 	 || (IF_FEATURE_TFTP_PUT(opcode != TFTP_RRQ) /* not download */
 	     IF_GETPUT(&&)
 	     IF_FEATURE_TFTP_GET(opcode != TFTP_WRQ) /* not upload */
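
Review bot: With the upper bound removed from the condition at "result < 4 || G.block_buf[result-1] != '\0'", the only remaining guarantee that result-1 indexes inside G.block_buf is the length argument passed to the receive call, which is outside this hunk. Please confirm that the call is capped at sizeof(G.block_buf) and add a short comment here saying so, because the commit message only says recv "should" take care of it. Note also that on a datagram socket an oversized request is truncated to the buffer size, so result == sizeof(G.block_buf) now covers both a legitimate 512-byte request and a truncated longer one; the trailing '\0' test is then the only thing separating them, which is worth stating in the comment. Separately, the context line "opcode = ntohs(*(uint16_t*)G.block_buf);" reads the buffer before result has been checked against 4; moving that read after the length check would keep the opcode from being derived from stale bytes on a short packet.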
-- 
2.0.3


