git: 99cbf1f6d7d2 - stable/15 - tftp: Add test case with over-long URL

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Dag-Erling Smørgrav <des_at_FreeBSD.org>
Date: Wed, 27 May 2026 09:03:33 UTC
The branch stable/15 has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=99cbf1f6d7d263ec276e7c4955f3c64f1a3bf24b

commit 99cbf1f6d7d263ec276e7c4955f3c64f1a3bf24b
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2026-05-22 17:57:27 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2026-05-27 09:03:21 +0000

    tftp: Add test case with over-long URL
    
    This adds a test case that passes a very long URL on the command line,
    which would previously have resulted in a benign buffer overflow in
    urihandling(), detectable only by compiling tftp with ASAN enabled.
    
    MFC after:      1 week
    Reviewed by:    markj
    Differential Revision:  https://reviews.freebsd.org/D57074
    
    (cherry picked from commit b94689d036c5f5bdc04d080ff7dd5d0e9df9b8d4)
---
 usr.bin/tftp/tests/tftp_test.sh | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/usr.bin/tftp/tests/tftp_test.sh b/usr.bin/tftp/tests/tftp_test.sh
index a4c9f3b898e7..12c008b2c78c 100644
--- a/usr.bin/tftp/tests/tftp_test.sh
+++ b/usr.bin/tftp/tests/tftp_test.sh
@@ -442,6 +442,29 @@ tftp_url_ipv6_cleanup() {
 	stop_tftpd
 }
 
+atf_test_case tftp_url_long cleanup
+tftp_url_long_head() {
+	atf_set "descr" "Very long URL"
+	atf_set "require.user" "root"
+}
+tftp_url_long_body() {
+	start_tftpd
+	mkdir "${tftp_dir}/subdirectory"
+	local remote_file="${tftp_dir}/hello.txt"
+	echo "Hello, $$!" >"${remote_file}"
+	local local_file="${remote_file##*/}"
+	local d="subdirectory/../"
+	d="${d}${d}${d}${d}${d}${d}${d}${d}"
+	d="${d}${d}${d}${d}${d}${d}${d}${d}"
+	d="${d}${d}${d}${d}${d}${d}${d}${d}"
+	atf_check -s exit:1 -o match:"Illegal TFTP operation" \
+	    tftp "tftp://localhost/${d}${remote_file##*/}"
+	atf_check -s exit:1 test -f "${local_file}"
+}
+tftp_url_long_cleanup() {
+	stop_tftpd
+}
+
 atf_init_test_cases() {
 	atf_add_test_case tftp_get_big
 	atf_add_test_case tftp_get_host
@@ -462,4 +485,5 @@ atf_init_test_cases() {
 	atf_add_test_case tftp_url_host
 	atf_add_test_case tftp_url_ipv4
 	atf_add_test_case tftp_url_ipv6
+	atf_add_test_case tftp_url_long
 }