[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [patch #9626] TFTP Server should make sure filename is \0 t
From: |
Malte |
Subject: |
[lwip-devel] [patch #9626] TFTP Server should make sure filename is \0 terminated |
Date: |
Wed, 25 Apr 2018 11:55:51 -0400 (EDT) |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 |
URL:
<http://savannah.nongnu.org/patch/?9626>
Summary: TFTP Server should make sure filename is \0
terminated
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: malte
Submitted on: Wed 25 Apr 2018 03:55:50 PM UTC
Category: Contrib
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
_______________________________________________________
Details:
Hi,
the TFTP server copies the filename into the local buffer "filename". However
only the length of the string is copied, so if the filename is \0 terminated
depends on the uninitialized data of the buffer.
Example: assuming a filename of one char:
pbuf_memfind will set filename_end_offset = 3
3-2=1 -> only one char without \0 will be copied.
The attached patch should fix the issue by copying \0 too.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Wed 25 Apr 2018 03:55:50 PM UTC Name: tftp_serverNull.patch Size: 822B
By: malte
<http://savannah.nongnu.org/patch/download.php?file_id=44030>
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/patch/?9626>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [lwip-devel] [patch #9626] TFTP Server should make sure filename is \0 terminated,
Malte <=