Date: Sun, 18 Feb 2018 03:38:53 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 225996] tftpd(8): tftpd doesn't abort on a WRQ access violation Message-ID: <bug-225996-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225996 Bug ID: 225996 Summary: tftpd(8): tftpd doesn't abort on a WRQ access violation Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: asomers@FreeBSD.org On a WRQ (write request) tftpd checks whether the client has access permission for the file in question. If not, then the write is prevented. However, tftpd doesn't reply with an ERROR packet, nor does it abort. Instead, it tries to receive the packet anyway. The bug is in tftp_wrq() at line 543. There is no error handling for ecode != 0. The symptom is slightly different depending on the nature of the error. If the target file is nonexistent and tftpd lacks permission to create it, then tftpd will willingly receive the file, but not write it anywhere. If the file exists but is not writable, then tftpd will fail to ACK to WRQ. tftp> put small.txt nonexistent Try 1, didn't receive answer from remote. Sent 7 bytes during 5.1 seconds in 1 blocks tftp> put small.txt small.txt Timeout #1 on ACK 1 Timeout #3 on ACK 1 Timeout #5 send ACK 1 giving up -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-225996-8>