Commit Graph

115 Commits

Author SHA1 Message Date
Alan Somers
76e8e459e4 tftpd: Fix data corruption bug with netascii
Transferring files in netascii format requires, among other things,
translating all CR characters to a CR,NUL pair. tftpd does this correctly
except when the CR occurs as the last octet of a packet. In that case, it
erroneously drops the NUL which should be part of the following packet. The
bug was caused by using 0 as a sentinel value in a variable that could
legitimately hold 0. Fix it by switching the sentinel value to -1.

PR:		178055
Reported by:	Richard <rsitze@gmail.com>
Reviewed by:	cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D16853
2018-08-22 23:31:27 +00:00
Alan Somers
ca2d3691c3 Fix several Coverity warnings in tftp
Some of the changes are in the libexec/tftpd directory, but to functions that
are only used by tftp(1) (they share some code).

* strcpy => strlcpy (1006793, 1006794, 1006796, 1006741)
* Unchecked return value and TOCTTOU (1009314)
* NULL pointer dereference (1018035, 1018036)

Reported by:	Coverity
CID:		1006793, 1006794, 1006796, 1006741, 1009314, 1018035
CID:		1018036
MFC after:	2 weeks
2018-07-22 17:10:12 +00:00
Alan Somers
3c0fa26534 Fix multiple Coverity warnings in tftpd(8)
* Initialize uninitialized variable (CID 1006502)
* strcpy => strlcpy (CID 1006792, 1006791, 1006790)
* Check function return values (CID 1009442, 1009441, 1009440)
* Delete dead code in receive_packet (not reported by Coverity)
* Remove redundant alarm(3) in receive_packet (not reported by Coverity)

Reported by:	Coverity
CID: 1006502, 1006792, 1006791, 1006790, 1009442, 1009441, 1009440
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D11287
2018-07-22 16:14:30 +00:00
Alan Somers
7378015b69 tftpd(8): when completing an WRQ, flush the file before acknowleding receipt
tftpd(8) should flush a newly written file to disk before ACKing the final DATA
packet.  Otherwise there is a narrow race window when a subsequent read may not
see the file.  This is somewhat related to r330710, but the race window is much
smaller.  Hopefully this will fix the intermittent tests in Jenkins.

Reported by:	Jenkins
MFC after:	2 weeks
2018-07-21 19:48:31 +00:00
Alan Somers
ad5c8bd63a tftpd: misc Coverity cleanup in the tests
A bunch of unchecked return values from open(2) and read(2)

Reported by:	Coverity
CID:		1386900, 1386911, 1386926, 1386928, 1386932, 1386942
CID:		1386961, 1386979
MFC after:	8 days
X-MFC-With:	330696
2018-03-22 14:51:05 +00:00
Alan Somers
f270fabc2b tftpd: fix the build of tests on i386 after 330696
It's those darn printf format specifiers again

Reported by:	cy, kibab
MFC after:	20 days
X-MFC-With:	330696
2018-03-10 18:07:31 +00:00
Alan Somers
6301d64774 tftpd: reject unknown opcodes
If tftpd receives a command with an unknown opcode, it simply exits 1.  It
doesn't send an ERROR packet, and the client will hang waiting for one.  Fix
it.

PR:		226005
MFC after:	3 weeks
2018-03-10 01:50:43 +00:00
Alan Somers
b7da179e96 tftpd: Abort on an WRQ access violation
On a WRQ (write request) tftpd checks whether the client has access
permission for the file in question.  If not, then the write is prevented.
However, tftpd doesn't reply with an ERROR packet, nor does it abort.
Instead, it tries to receive the packet anyway.

The symptom is slightly different depending on the nature of the error.  If
the target file is nonexistent and tftpd lacks permission to create it, then
tftpd will willingly receive the file, but not write it anywhere.  If the
file exists but is not writable, then tftpd will fail to ACK to WRQ.

PR:		225996
MFC after:	3 weeks
2018-03-10 01:43:55 +00:00
Alan Somers
d89aca7618 tftpd: Verify world-writability for WRQ when using relative paths
tftpd(8) says that files may only be written if they already exist and are
publicly writable.  tftpd.c verifies that a file is publicly writable if it
uses an absolute pathname.  However, if the pathname is relative, that check
is skipped.  Fix it.

Note that this is not a security vulnerability, because the transfer
ultimately doesn't work unless the file already exists and is owned by user
nobody.  Also, this bug does not affect the default configuration, because
the default uses the "-s" option which makes all pathnames absolute.

PR:		226004
MFC after:	3 weeks
2018-03-10 01:35:26 +00:00
Alan Somers
d3953c1f47 tftpd: Flush files as soon as they are fully received
On an RRQ, tftpd doesn't exit as soon as it's finished receiving a file.
Instead, it waits five seconds just in case the client didn't receive the
server's last ACK and decides to resend the final DATA packet.
Unfortunately, this created a 5 second delay from when the client thinks
it's done sending the file, and when the file is available for other
processes.

Fix this bug by closing the file as soon as receipt is finished.

PR:			157700
Reported by:		Barry Mishler <barry_mishler@yahoo.com>
MFC after:		3 weeks
2018-03-09 23:25:18 +00:00
Alan Somers
888651fcd9 Add some functional tests for tftpd(8)
tftpd(8) is difficult to test in isolation due to its relationship with
inetd.  Create a test program that mimics the behavior of tftp(1) and
inetd(8) and verifies tftpd's response in several different scenarios.

These test cases cover all of the basic TFTP protocol, but not the optional
parts.

PR:		157700
PR:		225996
PR:		226004
PR:		226005
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D14310
2018-03-09 15:30:20 +00:00
Pedro F. Giffuni
e6209940de libexec: adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:25:02 +00:00
Pedro F. Giffuni
8a16b7a18f General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
2017-11-20 19:49:47 +00:00
Bryan Drewery
ea825d0274 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
Enji Cooper
4eb4663b0e Conditionalize all code that uses tcpd.h behind LIBWRAP guard
This will allow the code to stand by itself without libwrap

MFC after:	2 weeks
2017-01-06 04:27:07 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
98e0ffaefb Merge sync of head 2015-05-27 01:19:58 +00:00
Baptiste Daroussin
ee5a34ecba Convert to LIBADD
Reduce overlinking
2014-11-25 21:18:18 +00:00
Simon J. Gerraty
fae50821ae Updated dependencies 2014-05-16 14:09:51 +00:00
Simon J. Gerraty
76b28ad6ab Updated dependencies 2014-05-10 05:16:28 +00:00
Simon J. Gerraty
3b8f084595 Merge head 2014-04-28 07:50:45 +00:00
Christian Brueffer
5efaea4cc6 Remove the 3rd clause ("advertising clause") of the BSD license as
permitted by the University of Berkeley on July 22, 1999.

Reviewed by:	imp
MFC after:	1 week
2014-02-17 22:27:32 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
David E. O'Brien
d9a447559b Sync with HEAD. 2013-02-08 16:10:16 +00:00
Marius Strobl
b713097ae3 Mark tftp_log() as __printflike() (which would have caught the bug
fixed in r246106) and deal with the fallout.

MFC after:	2 weeks
2013-01-31 00:02:36 +00:00
Sean Bruno
663a6522a7 Remove extra %s from debug statement that ends up crashing tftpd if
debug is set very high (like -d15 in my case).

Obtained from:	Yahoo! Inc
MFC after:      2 weeks
2013-01-30 01:36:04 +00:00
Antoine Brodin
3496d72c48 Use correct size in snprintf.
Remove unused buffer.

PR:		174631
Submitted by:	Henning Petersen
MFC after:	1 month
2012-12-25 17:06:05 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Eitan Adler
50e04779c4 Check the return error of set[e][ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.
Custom security modules, or future implementations of the setuid and
setgid may fail.

Submitted by:	Erik Cederstrand
Approved by:	cperciva
MFC after:	3 days
2012-10-22 03:07:05 +00:00
Ed Schouten
ae824d80f2 Fix warnings found by -Wmising-variable-declarations.
This self-written compiler warning, which is hopefully going to be
committed into LLVM sources soon, warns about potentially missing
`static' keywords, similar to -Wmissing-prototypes.

- bin/pax: Move external declaration of chdname and s_mask into extern.h.
- bin/setfacl: Move setfacl.c-specific stuff out of setfacl.h.
- sbin/mount_fusefs: Remove char *progname; use getprogname().
- others: add `static' where possible.
2012-10-19 05:43:38 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Joel Dahl
9c282daafc mdoc: Only use macros inside a reference block. 2012-05-23 20:29:16 +00:00
Marcel Moolenaar
fab3e10ec3 Properly use LDADD & DPADD to link against libwrap. 2012-05-19 05:10:47 +00:00
Eitan Adler
50d675f7a9 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
Ed Maste
9a2856b439 Avoid error log for transfer stop w/o error code.
A number of tftp clients, including the one in Intel's pxe boot loader,
may intentionally stop a transfer using error code 0 (i.e., EUNDEF).
These are not real errors.  Avoid spamming log files with these by
logging them at level LOG_DEBUG instead.

Discussed on -hackers with an initial patch proposal; this change is an
improved approach suggested by kan@.
2012-02-21 14:59:07 +00:00
Eitan Adler
3e519b7cc1 Fix warning when compiling with gcc46:
error: variable 'bp' set but not use

Approved by:	dim
MFC After:	3 days
2012-01-10 02:55:35 +00:00
Ulrich Spörlein
1acf0dba17 Spelling fixes for libexec/ 2012-01-07 16:09:54 +00:00
Craig Rodrigues
46d20cbcf1 Pull in some wording to the tftpd.8 man page
from NetBSD, with some slight changes:

=========================================================================================
http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/tftpd/tftpd.8?only_with_tag=MAIN#rev1.22

Revision 1.22 or diffs], Fri Jan 8 21:05:14 2010 UTC (18 months, 2 weeks ago) by christos

Patrick Welche <prlw1@cam.ac.uk>
    - add -p pathsep option
    - make wrap to zero work, but produce a warning
While here:
    - fix gcc warnings, in particular variable clobbered warnings
      (compiling with fewer warnings does not really fix the problem)
=========================================================================================

These wording changes clarify the default rollover behavior
as a "kludge".  Also, the block numbers and octet counts for 65535 blocks
and 32767 blocks are more accurate than the existing documented numbers.

Requested by:   Pawan Gupta <pawang at juniper dot net>
Obtained from:  Juniper Networks
Approved by:    re (kib)
2011-07-31 03:18:36 +00:00
Craig Rodrigues
38bd7db313 In the old TFTP server, there was an undocumented behavior where
the block counter would rollover to 0 if a file larger
than 65535 blocks was transferred.  With the default block size
of 512 octets per block, this is a file size of approximately 32 megabytes.

The new TFTP server code would report an error and stop transferring
the file if a file was larger than 65535 blocks.

This patch restores the old TFTP server's behavior to the new
TFTP server code.  If a TFTP client transfers a file larger
than 65535 blocks, and does *not* specify the "rollover" option,
then automatically rollover the block counter to 0 every time
we reach 65535 blocks.

This restores interoperability with the FreeBSD 6 TFTP client.
Without this change, if a FreeBSD 6 TFTP client tried to
retrieve a file larger than 65535 blocks from a FreeBSD 9 TFTP server
, the transfer would fail.
The same file could be retrieved successfully if the same FreeBSD 6
TFTP client was used against a FreeBSD 6 TFTP server.

Approved by:  re (kib)
Tested by: Pawan Gupta <pawang at juniper dot net>,
Obtained from:  Juniper Networks
2011-07-31 03:12:20 +00:00
Craig Rodrigues
f6c506d9cf Acknowledge Edwin Groothuis for the major rewrite he
did of the tftpd and tftp code to support TFTP blocksize.
2011-06-24 05:41:38 +00:00
Craig Rodrigues
14de21443e Bring back synchnet() implementation from older
tftp implementation.  The synchnet() function
was converted to a no-op when the new TFTP implementation
was committed to FreeBSD.  However, this function, as it was
in the older code, is needed
in order to synchronize between the tftpd server and tftp clients,
which may be buggy.

Specifically, we had a buggy TFTP client which would send
TFTP ACK packets for non-TFTP packets, which would cause
the count of packets to get out of whack, causing transfers
to fail with the new TFTPD implementation.

Obtained from:  Juniper Networks
Submitted by: Santhanakrishnan Balraj <sbalraj at juniper dot net>
2011-06-24 02:56:24 +00:00
Craig Rodrigues
957af43f83 Update references to RFC's that the newer TFTP implementation supports. 2011-06-22 23:25:24 +00:00
Craig Rodrigues
7e321ae384 Fix typo.
Reported by: Nick Mann <njm at njm dot me dot uk>
2011-06-22 22:05:37 +00:00
Craig Rodrigues
a1aea88a5c Clarify tftpd's -d flag in the new TFTP implementation.
Bump date.
2011-06-22 21:53:45 +00:00
Craig Rodrigues
e5660633d3 Clarify that the TFTP blocksize (RFC2348) or non-standard
TFTP rollover option can be used to transfer larger files.
2011-06-16 02:27:05 +00:00
Craig Rodrigues
3b6bd978f0 Fix tftp_log() usage. 2011-05-26 20:32:33 +00:00
Rebecca Cran
b1ce21c6ef Fix typos.
PR:	bin/148894
Submitted by:	olgeni
2010-11-09 10:59:09 +00:00
Xin LI
86a04a0cc7 Use a defined FreeBSD version.
MFC after:	3 days
2010-10-06 18:20:39 +00:00