[Bug 225996] tftpd(8): tftpd doesn't abort on a WRQ access violation
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Feb 18 03:38:54 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225996
Bug ID: 225996
Summary: tftpd(8): tftpd doesn't abort on a WRQ access
violation
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: asomers at FreeBSD.org
On a WRQ (write request) tftpd checks whether the client has access permission
for the file in question. If not, then the write is prevented. However, tftpd
doesn't reply with an ERROR packet, nor does it abort. Instead, it tries to
receive the packet anyway. The bug is in tftp_wrq() at line 543. There is no
error handling for ecode != 0.
The symptom is slightly different depending on the nature of the error. If the
target file is nonexistent and tftpd lacks permission to create it, then tftpd
will willingly receive the file, but not write it anywhere. If the file exists
but is not writable, then tftpd will fail to ACK to WRQ.
tftp> put small.txt nonexistent
Try 1, didn't receive answer from remote.
Sent 7 bytes during 5.1 seconds in 1 blocks
tftp> put small.txt small.txt
Timeout #1 on ACK 1
Timeout #3 on ACK 1
Timeout #5 send ACK 1 giving up
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list