tftpd: Fix data corruption bug with netascii
ClosedPublic
Actions

Authored by asomers on Aug 22 2018, 10:30 PM.

Details

Reviewers

cem
imp

Commits

rS339062: MFC r338216:
rS339057: MFC r338216:
rS338216: tftpd: Fix data corruption bug with netascii

Summary

tftpd: Fix data corruption bug with netascii

Transferring files in netascii format requires, among other things, translating
all CR characters to a CR,NUL pair. tftpd does this correctly except when the
CR occurs as the last octet of a packet. In that case, it erroneously drops
the NUL which should be part of the following packet. The bug was caused by
using 0 as a sentinel value in a variable that could legitimately hold 0. Fix
it by switching the sentinel value to -1.

PR: 178055

Test Plan

Manually tested with the example file from the PR.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Passed

Unit

No Test Coverage

Build Status

Buildable 19069
Build 18700: arc lint + arc unit

Event Timeline

asomers created this revision.Aug 22 2018, 10:30 PM

Harbormaster completed remote builds in B19069: Diff 47134.Aug 22 2018, 10:30 PM

cem added inline comments.Aug 22 2018, 11:01 PM

libexec/tftpd/tftp-file.c
162–167	Is buffer sized such that this does not overflow?
164	typo -- alllowed

asomers marked 2 inline comments as done.Aug 22 2018, 11:04 PM

asomers added inline comments.

libexec/tftpd/tftp-file.c
162–167	Yes. The buffer is fixed at the maximum segment size + 4 (in tftpd-utils.h). `count` will never be greater than the maximum segment size.
164	I"ll fix.