moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 06:25:03 -05:00
Code Issues Releases Wiki Activity

tftp: return error when packet is too small for options

Browse Source
This commit is contained in:
Thomas Vegas 2019-08-31 16:59:56 +02:00 committed by Daniel Stenberg
parent 0f37c8df12
commit 82f3ba3806
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 33 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
lib/tftp.c
View File

@ -403,13 +403,14 @@ static CURLcode tftp_parse_option_ack(tftp_state_data_t *state,
return CURLE_OK; return CURLE_OK;
} }
static size_t tftp_option_add(tftp_state_data_t *state, size_t csize, static CURLcode tftp_option_add(tftp_state_data_t *state, size_t *csize,
char *buf, const char *option) char *buf, const char *option)
{ {
if(( strlen(option) + csize + 1) > (size_t)state->blksize) if(( strlen(option) + *csize + 1) > (size_t)state->blksize)
return 0; return CURLE_TFTP_ILLEGAL;
strcpy(buf, option); strcpy(buf, option);
return strlen(option) + 1; *csize += strlen(option) + 1;
return CURLE_OK;
} }
static CURLcode tftp_connect_for_tx(tftp_state_data_t *state, static CURLcode tftp_connect_for_tx(tftp_state_data_t *state,
@ -510,26 +511,38 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, tftp_event_t event)
else else
strcpy(buf, "0"); /* the destination is large enough */ strcpy(buf, "0"); /* the destination is large enough */
sbytes += tftp_option_add(state, sbytes, result = tftp_option_add(state, &sbytes,
(char *)state->spacket.data + sbytes, (char *)state->spacket.data + sbytes,
TFTP_OPTION_TSIZE); TFTP_OPTION_TSIZE);
sbytes += tftp_option_add(state, sbytes, if(result == CURLE_OK)
(char *)state->spacket.data + sbytes, buf); result = tftp_option_add(state, &sbytes,
(char *)state->spacket.data + sbytes, buf);
/* add blksize option */ /* add blksize option */
msnprintf(buf, sizeof(buf), "%d", state->requested_blksize); msnprintf(buf, sizeof(buf), "%d", state->requested_blksize);
sbytes += tftp_option_add(state, sbytes, if(result == CURLE_OK)
(char *)state->spacket.data + sbytes, result = tftp_option_add(state, &sbytes,
TFTP_OPTION_BLKSIZE); (char *)state->spacket.data + sbytes,
sbytes += tftp_option_add(state, sbytes, TFTP_OPTION_BLKSIZE);
(char *)state->spacket.data + sbytes, buf); if(result == CURLE_OK)
result = tftp_option_add(state, &sbytes,
(char *)state->spacket.data + sbytes, buf);
/* add timeout option */ /* add timeout option */
msnprintf(buf, sizeof(buf), "%d", state->retry_time); msnprintf(buf, sizeof(buf), "%d", state->retry_time);
sbytes += tftp_option_add(state, sbytes, if(result == CURLE_OK)
(char *)state->spacket.data + sbytes, result = tftp_option_add(state, &sbytes,
TFTP_OPTION_INTERVAL); (char *)state->spacket.data + sbytes,
sbytes += tftp_option_add(state, sbytes, TFTP_OPTION_INTERVAL);
(char *)state->spacket.data + sbytes, buf); if(result == CURLE_OK)
result = tftp_option_add(state, &sbytes,
(char *)state->spacket.data + sbytes, buf);
if(result != CURLE_OK) {
failf(data, "TFTP buffer too small for options");
free(filename);
return CURLE_TFTP_ILLEGAL;
}
} }
/* the typecase for the 3rd argument is mostly for systems that do /* the typecase for the 3rd argument is mostly for systems that do