diff options
author | Grant Likely <grant.likely@secretlab.ca> | 2007-08-29 18:26:24 -0600 |
---|---|---|
committer | Wolfgang Denk <wd@denx.de> | 2007-08-30 09:16:16 +0200 |
commit | 8f1bc28408ded213418d9bc0780c7d8fb8a03774 (patch) | |
tree | fbc2ccfd74de779645192fdcafd1a1e09f92bb85 /lib_i386 | |
parent | d4a68f40a0389bb688477acfd23e957cb19443ad (diff) |
tftp: don't implicity trust the format of recevied packets
The TFTP OACK code trusts that the incoming packet is formated as
ASCII text and can be processed by string functions. It also has a
loop limit overflow bug where if the packet length is less than 8, it
ends up looping over *all* of memory to find the 'blksize' string.
This patch solves the problem by forcing the packet to be null
terminated and using strstr() to search for the sub string.
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Diffstat (limited to 'lib_i386')
0 files changed, 0 insertions, 0 deletions