Page MenuHomeFreeBSD
Differential D57072

tftp: Replace fgets with getline
ClosedPublic
Actions

Authored by des on Mon, May 18, 9:34 PM.
Tags
None
Referenced Files
F157590194: D57072.id178137.diff
Sat, May 23, 3:38 AM
F157579995: D57072.id178144.diff
Sat, May 23, 1:17 AM
F157576065: D57072.id178040.diff
Sat, May 23, 12:08 AM
F157572229: D57072.id178131.diff
Fri, May 22, 11:15 PM
F157536582: D57072.diff
Fri, May 22, 1:40 PM
Unknown Object (File)
Thu, May 21, 4:29 PM
Unknown Object (File)
Tue, May 19, 8:34 PM
Unknown Object (File)
Tue, May 19, 1:03 PM
View All 9 Files
Subscribers
imp

Details

Reviewers
markj
Commits
rG5fd928cf1cef: tftp: Replace fgets with getline
Summary

MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

des created this revision.Mon, May 18, 9:34 PM
Herald added a subscriber: imp. · View Herald TranscriptMon, May 18, 9:34 PM
des requested review of this revision.Mon, May 18, 9:34 PM
Harbormaster completed remote builds in B73202: Diff 178040.Mon, May 18, 9:34 PM
des added a parent revision: D57071: tftp: Close files when we're done with them.Mon, May 18, 9:34 PM
des added a child revision: D57073: tftp: Style cleanup.
markj added inline comments.Tue, May 19, 1:13 PM
usr.bin/tftp/main.c
341

Why make these static? If the function is called more than once, the buffer pointed to by line would be invalidated. It's hard to convince myself that that won't lead to a UAF somewhere else.

343–344

line is uninitalized (well, NULL) here, and even if not, the getline() is going to discard the existing string.

429–430

Same here and further below.

des added inline comments.Tue, May 19, 2:50 PM
usr.bin/tftp/main.c
341

Some of these functions get called multiple times in a single session, and this allows them to reuse their own private line. None of them are reentrant, so this reuse is safe.

343–344

my mistake, we shouldn't be using makeargv() at all here.

des added inline comments.Tue, May 19, 3:00 PM
usr.bin/tftp/main.c
635

This could never work btw, after makeargv() the value would be in argv[2], not argv[1].

des updated this revision to Diff 178131.Tue, May 19, 8:28 PM

fix

Harbormaster completed remote builds in B73234: Diff 178131.Tue, May 19, 8:28 PM
des marked 3 inline comments as done.Tue, May 19, 8:31 PM
markj accepted this revision.Tue, May 19, 9:08 PM
markj added inline comments.
usr.bin/tftp/main.c
341

I don't see how you know it's safe. For instance, look at the assignment to port below. argv[2] is going to be a pointer into the line buffer, and that buffer might get freed later on if setpeer() is called again, so port becomes a dangling pointer.

That said, I don't understand how that works at all today either. It looks like port should be reset to NULL in the argc != 3 case, at the very least.

This revision is now accepted and ready to land.Tue, May 19, 9:08 PM
des added inline comments.Tue, May 19, 9:21 PM
usr.bin/tftp/main.c
341

Oh, I didn't realize it was being assigned to a global variable. Yes, port here is a problem for several reasons, including the fact that it does not get reset if you first do connect host1 port1 and then connect host2. It should really be managed by setpeer0().

des updated this revision to Diff 178137.Tue, May 19, 9:25 PM

rf

This revision now requires review to proceed.Tue, May 19, 9:25 PM
Harbormaster completed remote builds in B73240: Diff 178137.Tue, May 19, 9:25 PM
markj added inline comments.Tue, May 19, 9:28 PM
usr.bin/tftp/main.c
334

I think this will break the default case (lport = "tftp") unfortunately: look at how xmitfile() handles port == NULL.

des edited parent revisions, added: D57105: tftp: Fix handling of port name or number; removed: D57071: tftp: Close files when we're done with them.Tue, May 19, 9:58 PM
des marked an inline comment as done.
des added inline comments.
usr.bin/tftp/main.c
334

moved to D57105

des updated this revision to Diff 178144.Tue, May 19, 9:59 PM
des marked an inline comment as done.

port issues fixed in D57105

Harbormaster completed remote builds in B73246: Diff 178144.Tue, May 19, 9:59 PM
des marked an inline comment as done.Tue, May 19, 10:00 PM
markj added inline comments.Fri, May 22, 1:50 PM
usr.bin/tftp/main.c
355

Doesn't this need a strdup()?

des marked an inline comment as done.Fri, May 22, 2:27 PM
des added inline comments.
usr.bin/tftp/main.c
355

uh yes but I meant to move that into setpeer0()

des marked an inline comment as done.Fri, May 22, 2:31 PM
des added inline comments.
usr.bin/tftp/main.c
355

Looks like a mismerge on my end accidentally reverted part of D57105

des updated this revision to Diff 178389.Fri, May 22, 2:31 PM

fix

Harbormaster completed remote builds in B73342: Diff 178389.Fri, May 22, 2:31 PM
markj accepted this revision.Fri, May 22, 3:01 PM
This revision is now accepted and ready to land.Fri, May 22, 3:01 PM
Closed by commit rG5fd928cf1cef: tftp: Replace fgets with getline (authored by des). · Explain WhyFri, May 22, 5:58 PM
This revision was automatically updated to reflect the committed changes.
des added a commit: rG5fd928cf1cef: tftp: Replace fgets with getline.

Revision Contents
Changeset List

PathSize
usr.bin/
tftp/
90 lines

Diff 178407

View Options

usr.bin/tftp/main.c

Loading...