[Qemu-devel] The TFTP server has the Sourcerer's Apprentice bug

From: H. Peter Anvin
Subject: [Qemu-devel] The TFTP server has the Sourcerer's Apprentice bug
Date: Sun, 02 Aug 2009 15:18:21 -0700
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3pre) Gecko/20090513 Fedora/3.0-2.3.beta2.fc11 Thunderbird/3.0b2


I was investigating a failure to TFTP boot, and I found that the TFTP
server in Qemu has the Sourcerer's Apprentice bug (see RFC 1123, section  Specifically, it is *required* that the sending side:

a) MUST NOT retransmit in response to a duplicated ACK.
b) MUST retransmit based on timeouts.

(a) is trivial to fix, but (b) requires a little more knowledge of the
internals than I'm willing to devote my Sunday afternoon to fixing...


H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.

