Hi
I have compiled tftpd with gcc 8.3 and Glibc 2.29. I use it with
xinetd 2.3.15. When I request a nonexistent file from the server, the
server dies with:
*** buffer overflow detected ***
After some debugging I figured out that the error is in nack(error) at:
strcpy (tp->th_msg, pe->e_msg);
As much as I look at the code, I cannot find the overflow. buff has
enough space to fetch 15 bytes, but maybe I am too old for this kind
of bug :)
This patch fixes the problem for me:
diff --git a/src/tftpd.c b/src/tftpd.c
index 56002a0..144012f 100644
--- a/src/tftpd.c
+++ b/src/tftpd.c
@@ -864,9 +864,8 @@ nak (int error)
pe->e_msg = strerror (error - 100);
tp->th_code = EUNDEF; /* set 'undef' errorcode */
}
- strcpy (tp->th_msg, pe->e_msg);
length = strlen (pe->e_msg);
- tp->th_msg[length] = '\0';
+ memcpy(tp->th_msg, pe->e_msg, length + 1);
length += 5;
if (sendto (peer, buf, length, 0, (struct sockaddr *) &from,
fromlen) != length)
syslog (LOG_ERR, "nak: %m\n");
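Review bot: the added memcpy copies length + 1 bytes into tp->th_msg with no check that the destination has room for them, so the bound that the removed strcpy lacked is still missing. pe->e_msg can come from strerror, whose length this function does not control; compare length + 5 against the size of buf before the copy and truncate the message (or fall back to a fixed one) when it does not fit. Style: the surrounding lines put a space before the call parenthesis (strcpy (, strlen (, sendto (), so write memcpy (tp->th_msg, ...) to match. The commit message should also state why the copy is changed, since the hunk alone does not show where the reported overflow comes from.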
In case you want to take a look at it.
Best regards!
--
Ricardo Ribalda