From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ravik Hasija <rahasij@linux.microsoft.com>
Date: Thu, 4 Jun 2020 10:51:16 -0700 (MST)
Subject: [PATCH v4] net: tftp: Add client support for RFC 7440
In-Reply-To: <CAGi-RU+nyqjQWqouObKjDtmYn+5bsPMjCvKw-VPW8iHDPNWE4w@mail.gmail.com>
References: <20200519192557.18075-1-rfried.dev@gmail.com>
 <1591152886830-0.post@n7.nabble.com>
 <CAGi-RU+nyqjQWqouObKjDtmYn+5bsPMjCvKw-VPW8iHDPNWE4w@mail.gmail.com>
Message-ID: <1591293076068-0.post@n7.nabble.com>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de


On Wed, Jun 3, 2020 at 5:55 AM Ravik Hasija &lt;rahasij at .microsoft&gt;
wrote:
>
> Ramon Fried-4 wrote
> > +                     if (strcmp((char *)pkt + i,  "windowsize") == 0) {
> > For servers that doesnt support windowsize option the above check could
> > result in accessing memory outside of valid range. Please check if
> (i+11)
> > < len before comparing the strings.
> This is the same handling as all other possible configurations,
> following the same code.
> I agree that this needs reworking, but I'll do it in a different patch
> all together.

Yes, the other options need to be fixed as well. However, we should fix
(i+11)<len in this patch itself, and restructure others, and windowsize (if
needed) in a different patch, since the tftpd (commonly used for TFTP
server) does not support windowsize option while it supports other options
(tsize,blksize,timeout etc.), and there is a high chance that the client
code might crash in that case.

&lt;/quote>




--
Sent from: http://u-boot.10912.n7.nabble.com/