[PATCH v4] net: tftp: Add client support for RFC 7440

Ravik Hasija rahasij at linux.microsoft.com
Thu Jun 4 19:51:16 CEST 2020


On Wed, Jun 3, 2020 at 5:55 AM Ravik Hasija <rahasij at .microsoft>
wrote:
>
> Ramon Fried-4 wrote
> > +                     if (strcmp((char *)pkt + i,  "windowsize") == 0) {
> > For servers that doesnt support windowsize option the above check could
> > result in accessing memory outside of valid range. Please check if
> (i+11)
> > < len before comparing the strings.
> This is the same handling as all other possible configurations,
> following the same code.
> I agree that this needs reworking, but I'll do it in a different patch
> all together.

Yes, the other options need to be fixed as well. However, we should fix
(i+11)<len in this patch itself, and restructure others, and windowsize (if
needed) in a different patch, since the tftpd (commonly used for TFTP
server) does not support windowsize option while it supports other options
(tsize,blksize,timeout etc.), and there is a high chance that the client
code might crash in that case.

</quote>




--
Sent from: http://u-boot.10912.n7.nabble.com/


More information about the U-Boot mailing list