Page MenuHomeFreeBSD
Differential D57075

tftpd: Add missing bounds checks
ClosedPublic
Actions

Authored by des on May 18 2026, 9:34 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jun 20, 1:57 AM
Unknown Object (File)
Thu, Jun 18, 4:50 AM
Unknown Object (File)
Thu, Jun 11, 1:43 AM
Unknown Object (File)
Mon, Jun 8, 6:39 AM
Unknown Object (File)
Sun, Jun 7, 1:24 PM
Unknown Object (File)
Sun, Jun 7, 1:19 PM
Unknown Object (File)
Sun, Jun 7, 12:17 PM
Unknown Object (File)
Sun, Jun 7, 12:13 PM
View All 37 Files
Subscribers
imp

Details

Reviewers
markj
Commits
rG2d9d04064354: tftpd: Add missing bounds checks
rGdd9272210d45: tftpd: Add missing bounds checks
rG933893771344: tftpd: Add missing bounds checks
Summary

In send_[rw]rq(), we were using strlcpy() to avoid overflowing our
packet buffer, then failing to check the result and blithely advancing
our pointer by the full length.

Luckily, this code is only ever used by tftp(1), not tftpd(8).

MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 73207
Build 70090: arc lint + arc unit

Event Timeline

des created this revision.May 18 2026, 9:34 PM
Herald added a subscriber: imp. · View Herald TranscriptMay 18 2026, 9:34 PM
des requested review of this revision.May 18 2026, 9:34 PM
Harbormaster completed remote builds in B73205: Diff 178043.May 18 2026, 9:35 PM
des added a parent revision: D57074: tftp: Add test case with over-long URL.May 18 2026, 9:35 PM
des added a child revision: D57076: tftpd: Simplify packet drop macro.
des updated this revision to Diff 178045.May 18 2026, 9:38 PM

typo

Harbormaster completed remote builds in B73207: Diff 178045.May 18 2026, 9:38 PM
markj added inline comments.May 19 2026, 1:19 PM
libexec/tftpd/tftp-io.c
195

Shouldn't this be >=?

201

Same here and below.

des added inline comments.May 19 2026, 8:22 PM
libexec/tftpd/tftp-io.c
195

Correct, I forgot to adjust it after removing the termination code.

des updated this revision to Diff 178132.May 19 2026, 8:28 PM

fix

Harbormaster completed remote builds in B73235: Diff 178132.May 19 2026, 8:28 PM
des marked 2 inline comments as done.May 19 2026, 8:31 PM
markj accepted this revision.May 19 2026, 8:48 PM
This revision is now accepted and ready to land.May 19 2026, 8:48 PM
Closed by commit rG933893771344: tftpd: Add missing bounds checks (authored by des). · Explain WhyMay 22 2026, 5:58 PM
This revision was automatically updated to reflect the committed changes.
des added a commit: rG933893771344: tftpd: Add missing bounds checks.
des added a commit: rGdd9272210d45: tftpd: Add missing bounds checks.Wed, May 27, 9:04 AM
des added a commit: rG2d9d04064354: tftpd: Add missing bounds checks.

Revision Contents
Changeset List

PathSize
libexec/
tftpd/
62 lines

Diff 178045

View Options

libexec/tftpd/tftp-io.c

Loading...