[PATCH v2 2/2] tftp: ignore trailing garbage in the request
Aaro Koskinen
aaro.koskinen at iki.fi
Mon Sep 1 20:24:16 UTC 2014
The firmware in some HP PA-RISC boxes is always sending fixed
512-byte requests, and sometimes there is some garbage at the end
which makes busybox to reject the request. Ignore any characters after
the last NUL.
Signed-off-by: Aaro Koskinen <aaro.koskinen at iki.fi>
---
networking/tftp.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/networking/tftp.c b/networking/tftp.c
index de616b7..fb0dbb2 100644
--- a/networking/tftp.c
+++ b/networking/tftp.c
@@ -757,7 +757,7 @@ int tftpd_main(int argc UNUSED_PARAM, char **argv)
{
len_and_sockaddr *our_lsa;
len_and_sockaddr *peer_lsa;
- char *local_file, *mode, *user_opt;
+ char *local_file, *mode, *user_opt, *last_nul;
const char *error_msg;
int opt, result, opcode;
IF_FEATURE_TFTP_BLOCKSIZE(int blksize = TFTP_BLKSIZE_DEFAULT;)
@@ -799,7 +799,7 @@ int tftpd_main(int argc UNUSED_PARAM, char **argv)
error_msg = "malformed packet";
opcode = ntohs(*(uint16_t*)G.block_buf);
- if (result < 4 || G.block_buf[result-1] != '\0'
+ if (result < 4 || !(last_nul = memrchr(G.block_buf + 3, 0, result - 3))
|| (IF_FEATURE_TFTP_PUT(opcode != TFTP_RRQ) /* not download */
IF_GETPUT(&&)
IF_FEATURE_TFTP_GET(opcode != TFTP_WRQ) /* not upload */
@@ -807,6 +807,7 @@ int tftpd_main(int argc UNUSED_PARAM, char **argv)
) {
goto err;
}
+ result = last_nul - G.block_buf + 1; /* limit the result to last NUL */
local_file = G.block_buf + 2;
if (local_file[0] == '.' || strstr(local_file, "/.")) {
error_msg = "dot in file name";
--
2.0.3
More information about the busybox
mailing list