Author: asomers
Date: Sat Mar 10 01:50:43 2018
New Revision: 330720
URL: https://svnweb.freebsd.org/changeset/base/330720
Log:
tftpd: reject unknown opcodes
If tftpd receives a command with an unknown opcode, it simply exits 1. It
doesn't send an ERROR packet, and the client will hang waiting for one. Fix
it.
PR: 226005
MFC after: 3 weeks
Modified:
head/libexec/tftpd/tests/functional.c
head/libexec/tftpd/tftpd.c
Modified: head/libexec/tftpd/tests/functional.c
==============================================================================
--- head/libexec/tftpd/tests/functional.c Sat Mar 10 01:43:55 2018
(r330719)
+++ head/libexec/tftpd/tests/functional.c Sat Mar 10 01:50:43 2018
(r330720)
@@ -677,7 +677,6 @@ TFTPD_TC_DEFINE(unknown_opcode,)
{
/* Looks like an RRQ or WRQ request, but with a bad opcode */
SEND_STR("\0\007foo.txt\0octet\0");
- atf_tc_expect_timeout("PR 226005 tftpd ignores bad opcodes but doesn't
reject them");
RECV_ERROR(4, "Illegal TFTP operation");
}
Modified: head/libexec/tftpd/tftpd.c
==============================================================================
--- head/libexec/tftpd/tftpd.c Sat Mar 10 01:43:55 2018 (r330719)
+++ head/libexec/tftpd/tftpd.c Sat Mar 10 01:50:43 2018 (r330720)
@@ -421,8 +421,7 @@ main(int argc, char *argv[])
"%s read access denied", peername);
exit(1);
}
- }
- if (tp->th_opcode == WRQ) {
+ } else if (tp->th_opcode == WRQ) {
if (allow_wo)
tftp_wrq(peer, tp->th_stuff, n - 1);
else {
@@ -430,7 +429,8 @@ main(int argc, char *argv[])
"%s write access denied", peername);
exit(1);
}
- }
+ } else
+ send_error(peer, EBADOP);
exit(1);
}
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "[email protected]"
