robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[tftp] Guard against invalid data block numbers 

A TFTP DATA packet with a block number of zero (representing a
negative offset within the file) could potentially cause problems.
Fixed by explicitly rejecting such packets.

Identified by Stefan Hajnoczi <stefanha@gmail.com>.
tags/v0.9.7
Michael Brown 15 years ago
parent
e65afc4b10
commit
6711ce18a7
1 changed files with 5 additions and 0 deletions
Unified View Show Diff Stats
  1. 5
    0
      src/net/udp/tftp.c

+ 5
- 0
src/net/udp/tftp.c View File

741 
 		rc = -EINVAL;
 741 
 		rc = -EINVAL;
742 
 		goto done;
 742 
 		goto done;
743 
 	}
 743 
 	}
744 
+	if ( data->block == 0 ) {
745 
+		DBGC ( tftp, "TFTP %p received data block 0\n", tftp );
746 
+		rc = -EINVAL;
747 
+		goto done;
748 
+	}
744
749
745 
 	/* Extract data */
 750 
 	/* Extract data */
746 
 	block = ( ntohs ( data->block ) - 1 );
 751 
 	block = ( ntohs ( data->block ) - 1 );

Write Preview
Loading…
Cancel
Save