[PATCH v2 2/2] tftp: ignore trailing garbage in the request

Aaro Koskinen aaro.koskinen at iki.fi
Mon Sep 1 20:24:16 UTC 2014


The firmware in some HP PA-RISC boxes always sends fixed 512-byte
requests, and sometimes there is some garbage at the end, which makes
busybox reject the request. Ignore any characters after the last NUL.

Signed-off-by: Aaro Koskinen <aaro.koskinen at iki.fi>
---
 networking/tftp.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/networking/tftp.c b/networking/tftp.c
index de616b7..fb0dbb2 100644
--- a/networking/tftp.c
+++ b/networking/tftp.c
@@ -757,7 +757,7 @@ int tftpd_main(int argc UNUSED_PARAM, char **argv)
 {
 	len_and_sockaddr *our_lsa;
 	len_and_sockaddr *peer_lsa;
-	char *local_file, *mode, *user_opt;
+	char *local_file, *mode, *user_opt, *last_nul;
 	const char *error_msg;
 	int opt, result, opcode;
 	IF_FEATURE_TFTP_BLOCKSIZE(int blksize = TFTP_BLKSIZE_DEFAULT;)
@@ -799,7 +799,7 @@ int tftpd_main(int argc UNUSED_PARAM, char **argv)
 
 	error_msg = "malformed packet";
 	opcode = ntohs(*(uint16_t*)G.block_buf);
-	if (result < 4 || G.block_buf[result-1] != '\0'
+	if (result < 4 || !(last_nul = memrchr(G.block_buf + 3, 0, result - 3))
 	 || (IF_FEATURE_TFTP_PUT(opcode != TFTP_RRQ) /* not download */
 	     IF_GETPUT(&&)
 	     IF_FEATURE_TFTP_GET(opcode != TFTP_WRQ) /* not upload */
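Review bot: The `memrchr()` call on the new condition line is only safe because `result < 4` is tested first; if that test is ever moved or dropped, a negative `result - 3` would be converted to a huge `size_t` length and the scan would run outside `G.block_buf`. The assignment to `last_nul` inside the `||` chain hides that dependency, and the later use of `last_nul` relies on the branch not having been taken. I would hoist it, `last_nul = (result < 4) ? NULL : memrchr(G.block_buf + 3, 0, result - 3);`, then test `if (!last_nul`, with a comment such as `/* offset 3: earliest possible NUL after 2-byte opcode + 1-char name */`. `memrchr()` is a GNU extension, so this presumably needs a fallback on libcs that lack it. The condition continues past the end of this hunk.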
@@ -807,6 +807,7 @@ int tftpd_main(int argc UNUSED_PARAM, char **argv)
 	) {
 		goto err;
 	}
+	result = last_nul - G.block_buf + 1; /* limit the result to last NUL */
 	local_file = G.block_buf + 2;
 	if (local_file[0] == '.' || strstr(local_file, "/.")) {
 		error_msg = "dot in file name";
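Review bot: The comment on the added `result = last_nul - G.block_buf + 1;` line restates the arithmetic rather than the reason, which is that it restores the invariant the removed check enforced (`G.block_buf[result-1] == '\0'`), so that later string parsing bounded by `result` stays inside NUL-terminated data. Suggest `/* drop trailing garbage: block_buf[result-1] is again the terminating NUL */`. The bytes after the last NUL are discarded silently for every client, not only the HP firmware, so it may be worth saying in a comment that this deliberately relaxes request validation. tftpd_main's body continues outside the hunk, so how `result` is used afterwards is not visible here.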
-- 
2.0.3


