Date: Tue, 14 Nov 1995 22:17:47 +0100 (MET)
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: freebsd-bugs@FreeBSD.ORG (FreeBSD Bugs' list)
Subject: tftp client broken
Message-ID: <199511142117.WAA08606@keltia.freenix.fr>

Has anyone ever tried this on tftp:

    359 [21:56] roberto@keltia:/tmp> tftp localhost
    warning: this program uses gets(), which is unsafe.
    tftp> c
    (to) <press return here>
    Segmentation fault (core dumped)

Reading tftp's code, it cannot run without coredumping. When, in main.c, it
analyzes the arguments, it calls setpeer() to set the hostname we'll connect
to. Later, when you answer <return>, it will call setpeer again, but this time,
as there is no argument, it will call gethostname(NULL) !!

A friend of mine, playing with his Sun 3/80 as an X-terminal, called me about
that.

The tftp client's command handling is a mess...

On a side note, it seems that our tftpd doesn't support the "-s" option to
chroot() into...

Here is the stack trace for tftp:

    Program received signal SIGSEGV, Segmentation fault.
    0x12503 in strcasecmp ()
    (gdb) where
    #0  0x12503 in strcasecmp ()
    #1  0x4648 in _gethostbyhtname ()
    #2  0x40e6 in gethostbyname ()
    #3  0x1379 in setpeer (argc=1, argv=0x26170) at main.c:207
    #4  0x2180 in command () at main.c:620
    #5  0x1284 in main (argc=2, argv=0xefbfd504) at main.c:183
    (gdb) frame 3
    #3  0x1379 in setpeer (argc=1, argv=0x26170) at main.c:207
    207             host = gethostbyname(argv[1]);
    (gdb) print argv[1]
    $1 = 0x0
    (gdb) print argv
    $2 = (char **) 0x26170
    (gdb) print argv[0]
    $3 = 0x261e8 "Connect"

-- 
Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.frmug.fr.net
FreeBSD keltia.freenix.fr 2.2-CURRENT #1: Sun Nov 12 16:47:05 MET 1995
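
The missing argument check behind this crash, as an added example that is not part of the original message and not the FreeBSD tftp source. `make_argv()` and `connect_target()` are hypothetical names modelling the prompt-then-retokenize path; the check rejects the `argc == 1` state shown in the gdb session before `argv[1]` can reach a resolver call.

```c
#include <stdio.h>
#include <string.h>

#define MAXARGS 8

/* Hypothetical tokenizer: splits on whitespace and NULL-terminates argv,
 * so a bare command gives argc == 1 and argv[1] == NULL, the state gdb shows. */
static int make_argv(char *line, char **argv)
{
    int argc = 0;
    for (char *tok = strtok(line, " \t\n"); tok != NULL && argc < MAXARGS - 1;
         tok = strtok(NULL, " \t\n"))
        argv[argc++] = tok;
    argv[argc] = NULL;
    return argc;
}

/* Hypothetical connect handler. reply is the text typed at the "(to) " prompt
 * (read with fgets() by the caller, never gets()), or NULL if nothing was asked.
 * Returns 0 and copies the host name to out, or -1 when usage should be shown. */
int connect_target(const char *cmdline, const char *reply, char *out, size_t outlen)
{
    char buf[256];
    char *argv[MAXARGS];
    int argc;
    snprintf(buf, sizeof buf, "%s", cmdline);
    argc = make_argv(buf, argv);
    if (argc < 2 && reply != NULL) {
        /* Prompt path: rebuild the command line from the reply and re-tokenize. */
        snprintf(buf, sizeof buf, "Connect %s", reply);
        argc = make_argv(buf, argv);
    }
    /* An empty reply still leaves argc == 1; validate before touching argv[1]. */
    if (argc < 2 || argc > 3)
        return -1;
    snprintf(out, outlen, "%s", argv[1]);
    return 0;
}

int main(void)
{
    char host[64];
    /* Constructed input: bare "connect", then <return> at the prompt. */
    if (connect_target("connect", "\n", host, sizeof host) != 0)
        puts("usage: connect host-name [port]");
    if (connect_target("connect", "localhost\n", host, sizeof host) == 0)
        printf("would resolve: %s\n", host);
    return 0;
}
```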