|
 |
88d8557 |
From b0f59f7eff93afc032b5edd7a78bdf72cb677ea2 Mon Sep 17 00:00:00 2001
|
|
|
bc092b9 |
From: Mark Salter <msalter@redhat.com>
|
|
|
bc092b9 |
Date: Tue, 7 Mar 2017 18:26:17 -0500
|
|
|
88d8557 |
Subject: [PATCH 149/194] Fix malformed tftp packets
|
|
|
bc092b9 |
|
|
|
bc092b9 |
0088-Normalize-slashes-in-tftp-paths.patch collapses multiple contiguous
|
|
|
bc092b9 |
slashes in a filename into one slash in the tftp packet filename field.
|
|
|
bc092b9 |
However, the packet buffer pointer is advanced using the original name.
|
|
|
bc092b9 |
This leaves unitialized data between the name field and the type field
|
|
|
bc092b9 |
leading to tftp errors. Use the length of the normalized name to avoid
|
|
|
bc092b9 |
this.
|
|
|
bc092b9 |
|
|
|
bc092b9 |
Signed-off-by: Mark Salter <msalter@redhat.com>
|
|
|
bc092b9 |
---
|
|
|
bc092b9 |
grub-core/net/tftp.c | 4 ++--
|
|
|
bc092b9 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
bc092b9 |
|
|
|
bc092b9 |
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
|
|
|
bc092b9 |
index 5ca0a96a6..dcd824943 100644
|
|
|
bc092b9 |
--- a/grub-core/net/tftp.c
|
|
|
bc092b9 |
+++ b/grub-core/net/tftp.c
|
|
|
bc092b9 |
@@ -360,8 +360,8 @@ tftp_open (struct grub_file *file, const char *filename)
|
|
|
bc092b9 |
/* Copy and normalize the filename to work-around issues on some tftp
|
|
|
bc092b9 |
servers when file names are being matched for remapping. */
|
|
|
bc092b9 |
grub_normalize_filename (rrq, filename);
|
|
|
bc092b9 |
- rrqlen += grub_strlen (filename) + 1;
|
|
|
bc092b9 |
- rrq += grub_strlen (filename) + 1;
|
|
|
bc092b9 |
+ rrqlen += grub_strlen (rrq) + 1;
|
|
|
bc092b9 |
+ rrq += grub_strlen (rrq) + 1;
|
|
|
bc092b9 |
|
|
|
bc092b9 |
grub_strcpy (rrq, "octet");
|
|
|
bc092b9 |
rrqlen += grub_strlen ("octet") + 1;
|
|
|
bc092b9 |
--
|
|
|
88d8557 |
2.13.5
|
|
|
bc092b9 |
|