dcavalca / rpms / grub2

Forked from rpms/grub2 3 years ago
Clone

Blame SOURCES/0078-Fix-malformed-tftp-packets.patch

d9d99f
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
d9d99f
From: Mark Salter <msalter@redhat.com>
d9d99f
Date: Tue, 7 Mar 2017 18:26:17 -0500
d9d99f
Subject: [PATCH] Fix malformed tftp packets
d9d99f
d9d99f
0088-Normalize-slashes-in-tftp-paths.patch collapses multiple contiguous
d9d99f
slashes in a filename into one slash in the tftp packet filename field.
d9d99f
However, the packet buffer pointer is advanced using the original name.
d9d99f
This leaves unitialized data between the name field and the type field
d9d99f
leading to tftp errors. Use the length of the normalized name to avoid
d9d99f
this.
d9d99f
d9d99f
Signed-off-by: Mark Salter <msalter@redhat.com>
d9d99f
---
d9d99f
 grub-core/net/tftp.c | 4 ++--
d9d99f
 1 file changed, 2 insertions(+), 2 deletions(-)
d9d99f
d9d99f
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
d9d99f
index 5ca0a96a6f6..dcd82494309 100644
d9d99f
--- a/grub-core/net/tftp.c
d9d99f
+++ b/grub-core/net/tftp.c
d9d99f
@@ -360,8 +360,8 @@ tftp_open (struct grub_file *file, const char *filename)
d9d99f
   /* Copy and normalize the filename to work-around issues on some tftp
d9d99f
      servers when file names are being matched for remapping. */
d9d99f
   grub_normalize_filename (rrq, filename);
d9d99f
-  rrqlen += grub_strlen (filename) + 1;
d9d99f
-  rrq += grub_strlen (filename) + 1;
d9d99f
+  rrqlen += grub_strlen (rrq) + 1;
d9d99f
+  rrq += grub_strlen (rrq) + 1;
d9d99f
 
d9d99f
   grub_strcpy (rrq, "octet");
d9d99f
   rrqlen += grub_strlen ("octet") + 1;