|
 |
c87ad5 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
c87ad5 |
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
c87ad5 |
Date: Mon, 24 Aug 2020 14:46:27 +0200
|
|
|
c87ad5 |
Subject: [PATCH] tftp: roll over block counter to prevent timeouts with data
|
|
|
c87ad5 |
packets
|
|
|
c87ad5 |
|
|
|
c87ad5 |
The block number is a 16-bit counter which only allows to fetch
|
|
|
c87ad5 |
files no bigger than 65535 * blksize. To avoid this limit, the
|
|
|
c87ad5 |
counter is rolled over. This behavior isn't defined in RFC 1350
|
|
|
c87ad5 |
but is handled by many TFTP servers and it's what GRUB was doing
|
|
|
c87ad5 |
before implicitly due an overflow.
|
|
|
c87ad5 |
|
|
|
c87ad5 |
Fixing that bug led to TFTP timeouts, since GRUB wasn't acking
|
|
|
c87ad5 |
data packets anymore for files with size bigger than the maximum
|
|
|
c87ad5 |
mentioned above. Restore the old behavior to prevent this issue.
|
|
|
c87ad5 |
|
|
|
c87ad5 |
Resolves: rhbz#1871034
|
|
|
c87ad5 |
|
|
|
c87ad5 |
Suggested-by: Peter Jones <pjones@redhat.com>
|
|
|
c87ad5 |
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
c87ad5 |
---
|
|
|
c87ad5 |
grub-core/net/tftp.c | 16 ++++++++++++++--
|
|
|
c87ad5 |
1 file changed, 14 insertions(+), 2 deletions(-)
|
|
|
c87ad5 |
|
|
|
c87ad5 |
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
|
|
|
c87ad5 |
index 2c52f692b25..4f38d7ef1f7 100644
|
|
|
c87ad5 |
--- a/grub-core/net/tftp.c
|
|
|
c87ad5 |
+++ b/grub-core/net/tftp.c
|
|
|
c87ad5 |
@@ -183,8 +183,20 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
|
|
|
c87ad5 |
return GRUB_ERR_NONE;
|
|
|
c87ad5 |
}
|
|
|
c87ad5 |
|
|
|
c87ad5 |
- /* Ack old/retransmitted block. */
|
|
|
c87ad5 |
- if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1)
|
|
|
c87ad5 |
+ /*
|
|
|
c87ad5 |
+ * Ack old/retransmitted block.
|
|
|
c87ad5 |
+ *
|
|
|
c87ad5 |
+ * The block number is a 16-bit counter which only allows to fetch
|
|
|
c87ad5 |
+ * files no bigger than 65535 * blksize. To avoid this limit, the
|
|
|
c87ad5 |
+ * counter is rolled over. This behavior isn't defined in RFC 1350
|
|
|
c87ad5 |
+ * but is handled by many TFTP servers and it's what GRUB was doing
|
|
|
c87ad5 |
+ * before implicitly due an overflow.
|
|
|
c87ad5 |
+ *
|
|
|
c87ad5 |
+ * Fixing that bug led to TFTP timeouts, since GRUB wasn't acking
|
|
|
c87ad5 |
+ * data packets anymore for files with size bigger than the maximum
|
|
|
c87ad5 |
+ * mentioned above. Restore the old behavior to prevent this issue.
|
|
|
c87ad5 |
+ */
|
|
|
c87ad5 |
+ if (grub_be_to_cpu16 (tftph->u.data.block) < ((data->block + 1) & 0xffffu))
|
|
|
c87ad5 |
ack (data, grub_be_to_cpu16 (tftph->u.data.block));
|
|
|
c87ad5 |
/* Ignore unexpected block. */
|
|
|
c87ad5 |
else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1)
|