[PATCH v2 01/13] net: tftp: Increase TFTP pkt string length to include null character

[Chintan Vankar]

To append a string to a tftp pkt, "tftp_send()" API invokes "sprintf()"
function which copies a string excluding a null character causing TFTP
not-null terminated string error. Increase TFTP pkt string by 1 to avoid
this error.

Signed-off-by: Chintan Vankar <c-vankar at ti.com>
---

Link to v1:
https://lore.kernel.org/r/20250107093840.2211381-2-c-vankar@ti.com/

Changes from v1 to v2:
-> Updated commit message.

 net/tftp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/tftp.c b/net/tftp.c
index fd9c9492929..420ea9ecf6c 100644
--- a/net/tftp.c
+++ b/net/tftp.c
@@ -347,11 +347,11 @@ static void tftp_send(void)
 		pkt += strlen((char *)pkt) + 1;
 #ifdef CONFIG_TFTP_TSIZE
 		pkt += sprintf((char *)pkt, "tsize%c%u%c",
-				0, net_boot_file_size, 0);
+				0, net_boot_file_size, 0) + 1;
 #endif
 		/* try for more effic. blk size */
 		pkt += sprintf((char *)pkt, "blksize%c%d%c",
-				0, tftp_block_size_option, 0);
+				0, tftp_block_size_option, 0) + 1;
 
 		/* try for more effic. window size.
 		 * Implemented only for tftp get.
@@ -359,7 +359,7 @@ static void tftp_send(void)
 		 */
 		if (tftp_state == STATE_SEND_RRQ && tftp_window_size_option > 1)
 			pkt += sprintf((char *)pkt, "windowsize%c%d%c",
-					0, tftp_window_size_option, 0);
+					0, tftp_window_size_option, 0) + 1;
 		len = pkt - xp;
 		break;
 
-- 
2.34.1