moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-15 22:15:13 -05:00
Code Issues Releases Wiki Activity

tftp: use the current blksize for recvfrom()

Browse Source 
bug: https://curl.haxx.se/docs/CVE-2019-5436.html
Reported-by: l00p3r on hackerone
CVE-2019-5436
This commit is contained in:
Daniel Stenberg 2019-05-03 22:20:37 +02:00
parent 9a87fe704e
commit 2576003415
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/tftp.c
View File

@ -1009,7 +1009,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done)
state->sockfd = state->conn->sock[FIRSTSOCKET];
state->state = TFTP_STATE_START;
state->error = TFTP_ERR_NONE;
state->blksize = TFTP_BLKSIZE_DEFAULT;
state->blksize = blksize;
state->requested_blksize = blksize;
((struct sockaddr *)&state->local_addr)->sa_family =