[PATCH v2 1/2] tftp: fix off by one error
Aaro Koskinen
aaro.koskinen at iki.fi
Mon Sep 1 20:24:15 UTC 2014
RFC 2347 allows requests to be up to 512 bytes, so a request equal
to sizeof(G.block_buf) should be fine.
The remaining result > sizeof(G.block_buf) check would be redudant,
since the recv function should take care of not overrunning the buffer,
so delete that too.
Signed-off-by: Aaro Koskinen <aaro.koskinen at iki.fi>
---
networking/tftp.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/networking/tftp.c b/networking/tftp.c
index 630fdaf..de616b7 100644
--- a/networking/tftp.c
+++ b/networking/tftp.c
@@ -799,8 +799,7 @@ int tftpd_main(int argc UNUSED_PARAM, char **argv)
error_msg = "malformed packet";
opcode = ntohs(*(uint16_t*)G.block_buf);
- if (result < 4 || result >= sizeof(G.block_buf)
- || G.block_buf[result-1] != '\0'
+ if (result < 4 || G.block_buf[result-1] != '\0'
|| (IF_FEATURE_TFTP_PUT(opcode != TFTP_RRQ) /* not download */
IF_GETPUT(&&)
IF_FEATURE_TFTP_GET(opcode != TFTP_WRQ) /* not upload */
--
2.0.3
More information about the busybox
mailing list