I think the security check to invalidate ALL write requests was just a little

excessive, and violates the specification defined in the manpage to boot.
1995-02-26 23:28:00 +00:00 · 1995-02-26 23:28:00 +00:00 · 23adc6b882
commit 23adc6b882
parent f3fb4d806f
1 changed files with 2 additions and 2 deletions
--- a/libexec/tftpd/tftpd.c
+++ b/libexec/tftpd/tftpd.c
@ -375,11 +375,11 @@ validate_access(filep, mode)

 		/*
 		 * Relative file name: search the approved locations for it.
-		 * Don't allow write requests or ones that avoid directory
+		 * Don't allow write requests that avoid directory
 		 * restrictions.
 		 */

-		if (mode != RRQ || !strncmp(filename, "../", 3))
+		if (!strncmp(filename, "../", 3))
 			return (EACCESS);

 		/*