tftp: Ignore excess arguments

When given too many arguments to a command at the tftp cli,
the buffer used to hold the arguments would overflow.  This
could result in a crash.

The problem was reported by AiDai in
<https://lists.gnu.org/archive/html/bug-inetutils/2021-12/msg00018.html>.

This commit fixes the test failure in the previously added
file "tests/tftp-regressions.sh".

* NEWS: Mention fix.
* src/tftp.c (makeargv): Do not overflow argument buffer.
Erik Auerswald
2022-09-11 15:12:26 +02:00
parent a5ef727816
commit fa6d2bce50
2 changed files with 15 additions and 1 deletions

@@ -122,7 +122,10 @@ static int fromatty;
char mode[32];
char line[200];
int margc;
char *margv[20];
#define TFTP_MAX_ARGS 20
char *margv[TFTP_MAX_ARGS];
char *prompt = "tftp";
jmp_buf toplevel;
void intr (int signo);
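Review bot: The new `#define TFTP_MAX_ARGS 20` sits in the middle of the global variable declarations and has no comment saying what the limit counts. Since the check added in makeargv stops at `margc + 1 >= TFTP_MAX_ARGS`, the constant is the size of `margv`, not the number of arguments a user may type; a one-line comment at the define saying so would keep a later reader from "fixing" the comparison. Moving the define up beside the other macros, and giving `line[200]` a named size in the same way, would also make the relationship between the line buffer and the argument vector easier to audit.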
@@ -914,6 +917,11 @@ makeargv (void)
cp++;
if (*cp == '\0')
break;
if (margc + 1 >= TFTP_MAX_ARGS)
{
fprintf (stderr, "Ignoring excess arguments.\n");
break;
}
*argp++ = cp;
margc += 1;
while (*cp != '\0' && !isspace (*cp))
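Review bot: The bound in `if (margc + 1 >= TFTP_MAX_ARGS)` deliberately leaves one slot of `margv` unused, but nothing in the hunk says why; add a comment naming what the reserved slot is for, so that the `+ 1` is not read as an off-by-one. Note also that after the `break` the caller still gets `margc` and `margv` filled with the first TFTP_MAX_ARGS - 1 words, so the command runs on a truncated argument list. If that is the intended behaviour, the message would be more useful if it stated the limit, for example "Ignoring excess arguments (at most N are accepted)"; if not, the function needs a way to signal the caller to reject the line.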