Changeset 3621 in MondoRescue for branches/3.3/mindi-busybox/networking/tftp.c


Ignore:
Timestamp:
Dec 20, 2016, 4:07:32 PM (7 years ago)
Author:
Bruno Cornec
Message:

New 3?3 banch for incorporation of latest busybox 1.25. Changing minor version to handle potential incompatibilities.

Location:
branches/3.3
Files:
1 edited
1 copied

Legend:

Unmodified
Added
Removed

  • branches/3.3/mindi-busybox/networking/tftp.c

    r3232 r3621  
    5252
    5353#include "libbb.h"
     54#include "common_bufsiz.h"
    5455#include <syslog.h>
    5556
     
    118119    uint8_t error_pkt[4 + 32];
    119120    struct passwd *pw;
    120     /* used in tftpd_main(), a bit big for stack: */
    121     char block_buf[TFTP_BLKSIZE_DEFAULT];
     121    /* Used in tftpd_main() for initial packet */
     122    /* Some HP PA-RISC firmware always sends fixed 516-byte requests */
     123    char block_buf[516];
     124    char block_buf_tail[1];
    122125#if ENABLE_FEATURE_TFTP_PROGRESS_BAR
    123126    off_t pos;
     
    127130#endif
    128131} FIX_ALIASING;
    129 #define G (*(struct globals*)&bb_common_bufsiz1)
    130 struct BUG_G_too_big {
    131     char BUG_G_too_big[sizeof(G) <= COMMON_BUFSIZE ? 1 : -1];
    132 };
    133 #define INIT_G() do { } while (0)
     132#define G (*(struct globals*)bb_common_bufsiz1)
     133#define INIT_G() do { \
     134    setup_common_bufsiz(); \
     135    BUILD_BUG_ON(sizeof(G) > COMMON_BUFSIZE); \
     136} while (0)
    134137
    135138#define G_error_pkt_reason (G.error_pkt[3])
     
    347350            block_nr = 0;
    348351        }
    349 
    350352    } else { /* tftp */
    351353        /* Open file (must be after changing user) */
     
    758760    len_and_sockaddr *our_lsa;
    759761    len_and_sockaddr *peer_lsa;
    760     char *local_file, *mode, *user_opt;
     762    char *mode, *user_opt;
     763    char *local_file = local_file;
    761764    const char *error_msg;
    762765    int opt, result, opcode;
     
    794797    }
    795798
    796     result = recv_from_to(STDIN_FILENO, G.block_buf, sizeof(G.block_buf),
     799    result = recv_from_to(STDIN_FILENO,
     800            G.block_buf, sizeof(G.block_buf) + 1,
     801            /* ^^^ sizeof+1 to reliably detect oversized input */
    797802            0 /* flags */,
    798803            &peer_lsa->u.sa, &our_lsa->u.sa, our_lsa->len);
     
    800805    error_msg = "malformed packet";
    801806    opcode = ntohs(*(uint16_t*)G.block_buf);
    802     if (result < 4 || result >= sizeof(G.block_buf)
    803      || G.block_buf[result-1] != '\0'
     807    if (result < 4 || result > sizeof(G.block_buf)
     808    /*|| G.block_buf[result-1] != '\0' - bug compatibility, see below */
    804809     || (IF_FEATURE_TFTP_PUT(opcode != TFTP_RRQ) /* not download */
    805810         IF_GETPUT(&&)
     
    809814        goto err;
    810815    }
     816    /* Some HP PA-RISC firmware always sends fixed 516-byte requests,
     817     * with trailing garbage.
     818     * Support that by not requiring NUL to be the last byte (see above).
     819     * To make strXYZ() ops safe, force NUL termination:
     820     */
     821    G.block_buf_tail[0] = '\0';
     822
    811823    local_file = G.block_buf + 2;
    812824    if (local_file[0] == '.' || strstr(local_file, "/.")) {
Note: See TracChangeset for help on using the changeset viewer.