Apache Commons TFTP does not reject request replies that originate from a
control port.
---------------------------------------------------------------------------------------
Key: NET-414
URL: https://issues.apache.org/jira/browse/NET-414
Project: Commons Net
Issue Type: Bug
Components: TFTP
Affects Versions: 3.0, 2.2
Environment: Java 1.6 Patch 20
Reporter: Chuck Wolber
Priority: Minor
When a TFTP request response arrives that incorrectly specifies its source port
as the control port, the request should be rejected with an error code 5
(TFTPErrorPacket.UNKNOWN_TID) and suggested text "INCORRECT SOURCE PORT".
This can happen when an incorrectly written TFTP server replies to a request
from a control socket instead of building a new socket that attaches to an
ephemeral port.
Note 1: The expected response from a read request is a DATA packet. The
expected response from a write request is an ACK packet.
Note 2: The control port is implementation specific and not always port 69 (as
defined by IANA).
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
