tftp: Fix buffer overflow and fd leak in multi-file PUT.

Sponsored by:	Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D37422
Dag-Erling Smørgrav 2022-11-17 17:15:04 +01:00
parent bc5708c0e2
commit 9f9544fd92


@ -445,7 +445,7 @@ put(int argc, char *argv[])
{
int fd;
int n;
char *cp, *targ;
char *cp, *targ, *path;
char line[MAXLINE];
struct stat sb;
@ -507,26 +507,32 @@ put(int argc, char *argv[])
}
/* this assumes the target is a directory */
/* on a remote unix system. hmmmm. */
cp = strchr(targ, '\0');
*cp++ = '/';
for (n = 1; n < argc - 1; n++) {
strcpy(cp, tail(argv[n]));
if (asprintf(&path, "%s/%s", targ, tail(argv[n])) < 0)
err(1, "malloc");
fd = open(argv[n], O_RDONLY);
if (fd < 0) {
warn("%s", argv[n]);
free(path);
continue;
}
if (fstat(fd, &sb) < 0) {
warn("%s", argv[n]);
close(fd);
free(path);
continue;
}
asprintf(&options[OPT_TSIZE].o_request, "%ju", sb.st_size);
if (verbose)
printf("putting %s to %s:%s [%s]\n",
argv[n], hostname, targ, mode);
xmitfile(peer, port, fd, targ, mode);
argv[n], hostname, path, mode);
xmitfile(peer, port, fd, path, mode);
close(fd);
free(path);
}
}
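Review bot: The `asprintf()` that fills `options[OPT_TSIZE].o_request` inside the multi-file loop still ignores its return value, unlike the checked `asprintf(&path, ...)` a few lines above it, so an allocation failure can leave the tsize request pointer unset or undefined when `xmitfile()` runs. The same call passes `sb.st_size` (an `off_t`) to `%ju` without a cast, which is a format/argument type mismatch. I would write it as `if (asprintf(&options[OPT_TSIZE].o_request, "%ju", (uintmax_t)sb.st_size) < 0) err(1, "malloc");`. Whether the string from the previous iteration is freed anywhere is not visible here, so it is worth confirming that the loop does not leak one allocation per file. The body of `put()` starts before this hunk.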