Date: Thu, 28 May 2015 19:50:15 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 200500] libstand/tftp.c recvtftp() is broken for large files Message-ID: <bug-200500-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200500 Bug ID: 200500 Summary: libstand/tftp.c recvtftp() is broken for large files Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: tsoome@me.com The tftp th_block is unsigned short, but tftp code in libstand is tracking transaction id's with struct iodesc field xid, which is long. In case of large files, the transaction id will reset to 0 but current code will miss it as it does compare short int with long int. the fix is simple: --- a/libstand/tftp.c +++ b/libstand/tftp.c @@ -200,7 +200,7 @@ recvtftp(struct tftp_handle *h, void *pkt, ssize_t len, time_t tleft, case DATA: { int got; - if (htons(t->th_block) != d->xid) { + if (htons(t->th_block) != (u_short) d->xid) { /* * Expected block? */ -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-200500-8>