tftpd: Abort on an WRQ access violation
On a WRQ (write request) tftpd checks whether the client has access permission for the file in question. If not, then the write is prevented. However, tftpd doesn't reply with an ERROR packet, nor does it abort. Instead, it tries to receive the packet anyway. The symptom is slightly different depending on the nature of the error. If the target file is nonexistent and tftpd lacks permission to create it, then tftpd will willingly receive the file, but not write it anywhere. If the file exists but is not writable, then tftpd will fail to ACK to WRQ. PR: 225996 MFC after: 3 weeks
This commit is contained in:
parent
26f5519e21
commit
c29c7eb33f
@ -817,8 +817,6 @@ TFTPD_TC_DEFINE(wrq_eaccess,)
|
|||||||
close(fd);
|
close(fd);
|
||||||
|
|
||||||
SEND_WRQ("empty.txt", "octet");
|
SEND_WRQ("empty.txt", "octet");
|
||||||
atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access "
|
|
||||||
"violation");
|
|
||||||
RECV_ERROR(2, "Access violation");
|
RECV_ERROR(2, "Access violation");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -835,8 +833,6 @@ TFTPD_TC_DEFINE(wrq_eaccess_world_readable,)
|
|||||||
close(fd);
|
close(fd);
|
||||||
|
|
||||||
SEND_WRQ("empty.txt", "octet");
|
SEND_WRQ("empty.txt", "octet");
|
||||||
atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access "
|
|
||||||
"violation");
|
|
||||||
RECV_ERROR(2, "Access violation");
|
RECV_ERROR(2, "Access violation");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -911,8 +907,6 @@ TFTPD_TC_DEFINE(wrq_netascii,)
|
|||||||
TFTPD_TC_DEFINE(wrq_nonexistent,)
|
TFTPD_TC_DEFINE(wrq_nonexistent,)
|
||||||
{
|
{
|
||||||
SEND_WRQ("nonexistent.txt", "octet");
|
SEND_WRQ("nonexistent.txt", "octet");
|
||||||
atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access "
|
|
||||||
"violation");
|
|
||||||
RECV_ERROR(1, "File not found");
|
RECV_ERROR(1, "File not found");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -545,6 +545,10 @@ tftp_wrq(int peer, char *recvbuffer, ssize_t size)
|
|||||||
filename, errtomsg(ecode));
|
filename, errtomsg(ecode));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ecode) {
|
||||||
|
send_error(peer, ecode);
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
tftp_recvfile(peer, mode);
|
tftp_recvfile(peer, mode);
|
||||||
exit(0);
|
exit(0);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user