david/ipxe
david
/
ipxe
Archived
1
0
Fork 0
Code

[tftp] Guard against invalid data block numbers 

A TFTP DATA packet with a block number of zero (representing a
negative offset within the file) could potentially cause problems.
Fixed by explicitly rejecting such packets.

Identified by Stefan Hajnoczi <stefanha@gmail.com>.
This commit is contained in:
Michael Brown 2009-02-01 13:07:17 +00:00
parent e65afc4b10
commit 6711ce18a7
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/net/udp/tftp.c
View File

@ -741,6 +741,11 @@ static int tftp_rx_data ( struct tftp_request *tftp,
rc = -EINVAL;
goto done;
}
if ( data->block == 0 ) {
DBGC ( tftp, "TFTP %p received data block 0\n", tftp );
rc = -EINVAL;
goto done;
}
/* Extract data */
block = ( ntohs ( data->block ) - 1 );