Date: Thu, 25 Apr 2024 18:36:27 GMT
Message-Id: <202404251836.43PIaRJ0032931@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= Subject: git: 9f231af307b8 - main - tftpd: Immediately reject any request shorter than 4 bytes. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: des X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 9f231af307b80eb222d9761bbd81fa4e130bb3d7 Auto-Submitted: auto-generated The branch main has been updated by des: URL: https://cgit.FreeBSD.org/src/commit/?id=9f231af307b80eb222d9761bbd81fa4e130bb3d7 commit 9f231af307b80eb222d9761bbd81fa4e130bb3d7 Author: Dag-Erling Smørgrav AuthorDate: 2024-04-25 18:35:28 +0000 Commit: Dag-Erling Smørgrav CommitDate: 2024-04-25 18:36:13 +0000 tftpd: Immediately reject any request shorter than 4 bytes. MFC after: 1 week Sponsored by: Klara, Inc. Reviewed by: kevans Differential Revision: https://reviews.freebsd.org/D44957 --- libexec/tftpd/tests/functional.c | 19 +++++++++++++++++++ libexec/tftpd/tftpd.c | 5 +++++ 2 files changed, 24 insertions(+) diff --git a/libexec/tftpd/tests/functional.c b/libexec/tftpd/tests/functional.c index 3b70962854ba..d3d2f46ffdee 100644 --- a/libexec/tftpd/tests/functional.c +++ b/libexec/tftpd/tests/functional.c @@ -1219,6 +1219,22 @@ TFTPD_TC_DEFINE(wrq_window_rfc7440,) require_bufeq(contents, sizeof(contents), buffer, (size_t)r); } +/* + * Send less than four bytes + */ +TFTPD_TC_DEFINE(short_packet1, /* no head */, exitcode = 1) +{ + SEND_STR("\1"); +} +TFTPD_TC_DEFINE(short_packet2, /* no head */, exitcode = 1) +{ + SEND_STR("\1\2"); +} +TFTPD_TC_DEFINE(short_packet3, /* no head */, exitcode = 1) +{ + SEND_STR("\1\2\3"); +} + /* * Main 
@@ -1256,6 +1272,9 @@ ATF_TP_ADD_TCS(tp) TFTPD_TC_ADD(tp, wrq_small); TFTPD_TC_ADD(tp, wrq_truncate); TFTPD_TC_ADD(tp, wrq_window_rfc7440); + TFTPD_TC_ADD(tp, short_packet1); + TFTPD_TC_ADD(tp, short_packet2); + TFTPD_TC_ADD(tp, short_packet3); return (atf_no_error()); } diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c index 45e7344c86ed..13f53024b147 100644 --- a/libexec/tftpd/tftpd.c +++ b/libexec/tftpd/tftpd.c @@ -228,6 +228,11 @@ main(int argc, char *argv[]) } getnameinfo((struct sockaddr *)&peer_sock, peer_sock.ss_len, peername, sizeof(peername), NULL, 0, NI_NUMERICHOST); + if ((size_t)n < 4 /* tftphdr */) { + tftp_log(LOG_ERR, "Rejecting %zd-byte request from %s", + n, peername); + exit(1); + } /* * Now that we have read the message out of the UDP
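Review bot: In libexec/tftpd/tests/functional.c, the new short_packet1, short_packet2 and short_packet3 cases cover 1, 2 and 3 bytes but leave both edges of the length check untested: there is no case for an empty datagram, and none showing that a request of exactly 4 bytes gets past the new check. Adding those two would pin the threshold, so a later change to the comparison could not move it unnoticed. The three bodies differ only in the string passed to SEND_STR, and the comment "Send less than four bytes" could also state the expected outcome, which the `exitcode = 1` argument implies is tftpd exiting with status 1.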
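Review bot: In libexec/tftpd/tftpd.c, in the check added to main(), the cast in `(size_t)n < 4` means a negative n would compare as a very large unsigned value and pass, so the check is only correct if the code above it has already exited on a failed receive; that guard is not visible in this hunk. Since n is printed with %zd it is evidently signed, and comparing it without the cast (`n < 4`) would reject negative values as well. The literal 4 is explained only by the `/* tftphdr */` comment; a named constant or a sizeof expression over the header fields would tie it to the structure it stands for. The return value of the getnameinfo() call just above is also not checked before peername is used in the log message.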