https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200500

            Bug ID: 200500
           Summary: libstand/tftp.c recvtftp() is broken for large files
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: tso...@me.com

The tftp th_block is unsigned short, but the tftp code in libstand is tracking
transaction IDs with the struct iodesc field xid, which is long. In the case of
large files, the transaction ID will reset to 0, but the current code will miss
it, as it compares a short int with a long int.

The fix is simple:

--- a/libstand/tftp.c
+++ b/libstand/tftp.c
@@ -200,7 +200,7 @@ recvtftp(struct tftp_handle *h, void *pkt, ssize_t len,
time_t tleft,
        case DATA: {
                int got;

-               if (htons(t->th_block) != d->xid) {
+               if (htons(t->th_block) != (u_short) d->xid) {
                        /*
                         * Expected block?
                         */
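
Review bot: on the changed comparison, htons(t->th_block) is converting a field read from a received packet, so ntohs() is the call that says what is meant (the result is the same, but the direction reads wrong), and the new (u_short) cast should carry a one-line comment that the 16-bit block number wraps to 0 while d->xid keeps counting, otherwise the truncation looks accidental. Only this one comparison is touched in the hunk, so it is worth confirming that every other place in tftp.c that compares or sends d->xid as a block number truncates it the same way.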

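The mismatch described in the report, as an added example (not code from the report or from libstand): a small C model showing how many in-order DATA blocks each form of the comparison accepts. The struct and function names are hypothetical stand-ins, the packets are constructed, and a first block number of 1 is an assumption.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the two fields named in the report. */
struct data_hdr { uint16_t th_block; }; /* block number as sent on the wire */
struct io_state { long xid; };          /* receiver's expected block, a long */

/* Shape of the '-' line: 16-bit wire value compared against the full long. */
static int match_orig(const struct data_hdr *t, const struct io_state *d)
{
    return ntohs(t->th_block) == d->xid;
}

/* Shape of the '+' line: expected value truncated to 16 bits first. */
static int match_fixed(const struct data_hdr *t, const struct io_state *d)
{
    return ntohs(t->th_block) == (uint16_t)d->xid;
}

/*
 * Feed nblocks constructed, in-order DATA headers to a receiver that uses
 * the given comparison. Returns how many blocks were accepted before the
 * first one was rejected as unexpected.
 */
static long blocks_accepted(long nblocks,
    int (*match)(const struct data_hdr *, const struct io_state *))
{
    struct io_state d = { .xid = 1 };   /* assumption: first block is 1 */

    for (long sent = 1; sent <= nblocks; sent++) {
        /* The sender's counter wraps because the field is 16 bits wide. */
        struct data_hdr t = { .th_block = htons((uint16_t)sent) };

        if (!match(&t, &d))
            return sent - 1;
        d.xid++;
    }
    return nblocks;
}

int main(void)
{
    printf("original: %ld of 70000 blocks accepted\n",
        blocks_accepted(70000, match_orig));
    printf("patched:  %ld of 70000 blocks accepted\n",
        blocks_accepted(70000, match_fixed));
    return 0;
}
```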