|
 |
15a2072 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
15a2072 |
From: Mark Salter <msalter@redhat.com>
|
|
|
15a2072 |
Date: Tue, 7 Mar 2017 18:26:17 -0500
|
|
|
15a2072 |
Subject: [PATCH] Fix malformed tftp packets
|
|
|
15a2072 |
|
|
|
15a2072 |
0088-Normalize-slashes-in-tftp-paths.patch collapses multiple contiguous
|
|
|
15a2072 |
slashes in a filename into one slash in the tftp packet filename field.
|
|
|
15a2072 |
However, the packet buffer pointer is advanced using the original name.
|
|
|
15a2072 |
This leaves unitialized data between the name field and the type field
|
|
|
15a2072 |
leading to tftp errors. Use the length of the normalized name to avoid
|
|
|
15a2072 |
this.
|
|
|
15a2072 |
|
|
|
15a2072 |
Signed-off-by: Mark Salter <msalter@redhat.com>
|
|
|
15a2072 |
---
|
|
|
15a2072 |
grub-core/net/tftp.c | 4 ++--
|
|
|
15a2072 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
15a2072 |
|
|
|
15a2072 |
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
|
|
|
15a2072 |
index 5ca0a96a6f6..dcd82494309 100644
|
|
|
15a2072 |
--- a/grub-core/net/tftp.c
|
|
|
15a2072 |
+++ b/grub-core/net/tftp.c
|
|
|
15a2072 |
@@ -360,8 +360,8 @@ tftp_open (struct grub_file *file, const char *filename)
|
|
|
15a2072 |
/* Copy and normalize the filename to work-around issues on some tftp
|
|
|
15a2072 |
servers when file names are being matched for remapping. */
|
|
|
15a2072 |
grub_normalize_filename (rrq, filename);
|
|
|
15a2072 |
- rrqlen += grub_strlen (filename) + 1;
|
|
|
15a2072 |
- rrq += grub_strlen (filename) + 1;
|
|
|
15a2072 |
+ rrqlen += grub_strlen (rrq) + 1;
|
|
|
15a2072 |
+ rrq += grub_strlen (rrq) + 1;
|
|
|
15a2072 |
|
|
|
15a2072 |
grub_strcpy (rrq, "octet");
|
|
|
15a2072 |
rrqlen += grub_strlen ("octet") + 1;
|