On Wed, Jun 3, 2020 at 5:55 AM Ravik Hasija <rahasij@.microsoft> wrote:
> >
> > Ramon Fried-4 wrote
> > + if (strcmp((char *)pkt + i, "windowsize") == 0) {
> >
> > For servers that don't support the windowsize option the above check could
> > result in accessing memory outside of valid range. Please check if (i+11)
> > < len before comparing the strings.
> This is the same handling as all other possible configurations,
> following the same code.
> I agree that this needs reworking, but I'll do it in a different patch
> altogether.
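
Review bot: the strcmp() in the added condition starts at pkt + i and reads until a mismatch or a NUL, and nothing in the condition ties that read to the end of the received packet, so a reply that ends partway through a matching prefix is compared past its last byte. Check that the 11 bytes of "windowsize" including its terminator fit between i and the packet length before comparing, or locate the terminator with a length-bounded search first and compare only when it is found.
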
Yes, the other options need to be fixed as well. However, we should fix (i+11)<len in this patch itself, and restructure the others, and windowsize (if needed), in a different patch, since tftpd (commonly used as a TFTP server) does not support the windowsize option while it supports other options (tsize, blksize, timeout etc.), and there is a high chance that the client code might crash in that case.

--
Sent from: http://u-boot.10912.n7.nabble.com/
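
The bounds check requested in this thread, generalized to every option in the reply, as an added example that is not U-Boot's code and not part of either message. It assumes the buffer holds the NUL-terminated name/value pairs that follow the OACK opcode; `field_len`, `oack_option` and the sample buffers are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

/* Length of the NUL-terminated string at pkt[off], or -1 when no terminator
 * lies inside the len received bytes (truncated or malformed packet). */
static long field_len(const unsigned char *pkt, size_t len, size_t off)
{
    const unsigned char *nul;

    if (off >= len)
        return -1;
    nul = memchr(pkt + off, '\0', len - off);
    return nul ? (long)(nul - (pkt + off)) : -1;
}

/* Hypothetical helper: value of option `name` in an option area of `len`
 * bytes, or NULL if the option is absent or a field runs off the packet.
 * Nothing is compared until both terminators are known to be in range. */
const char *oack_option(const unsigned char *pkt, size_t len, const char *name)
{
    size_t i = 0;

    while (i < len) {
        long n = field_len(pkt, len, i);
        long v = n < 0 ? -1 : field_len(pkt, len, i + (size_t)n + 1);

        if (v < 0)
            return NULL;    /* name or value is not terminated in range */
        if ((size_t)n == strlen(name) && memcmp(pkt + i, name, (size_t)n) == 0)
            return (const char *)pkt + i + n + 1;
        i += (size_t)n + 1 + (size_t)v + 1;
    }
    return NULL;
}

/* Constructed sample option areas (not captured traffic). */
static const unsigned char no_ws[] = "tsize\0" "1024\0" "blksize\0" "1468";
static const unsigned char with_ws[] = "blksize\0" "1468\0" "windowsize\0" "4";
static const unsigned char cut[] = { 'w','i','n','d','o','w','s','i','z','e' };

int main(void)
{
    printf("windowsize=%s\n", oack_option(with_ws, sizeof(with_ws), "windowsize"));
    return oack_option(no_ws, sizeof(no_ws), "windowsize") != NULL ||
           oack_option(cut, sizeof(cut), "windowsize") != NULL;
}
```

The `cut` buffer is the case the thread worries about: the bytes match the option name but the packet ends before any terminator, so the lookup returns NULL instead of comparing past the end.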