nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone

Blame SOURCES/0078-Fix-malformed-tftp-packets.patch

8631a2
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
8631a2
From: Mark Salter <msalter@redhat.com>
8631a2
Date: Tue, 7 Mar 2017 18:26:17 -0500
8631a2
Subject: [PATCH] Fix malformed tftp packets
8631a2
8631a2
0088-Normalize-slashes-in-tftp-paths.patch collapses multiple contiguous
8631a2
slashes in a filename into one slash in the tftp packet filename field.
8631a2
However, the packet buffer pointer is advanced using the original name.
8631a2
This leaves unitialized data between the name field and the type field
8631a2
leading to tftp errors. Use the length of the normalized name to avoid
8631a2
this.
8631a2
8631a2
Signed-off-by: Mark Salter <msalter@redhat.com>
8631a2
---
8631a2
 grub-core/net/tftp.c | 4 ++--
8631a2
 1 file changed, 2 insertions(+), 2 deletions(-)
8631a2
8631a2
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
8631a2
index 5ca0a96a6f6..dcd82494309 100644
8631a2
--- a/grub-core/net/tftp.c
8631a2
+++ b/grub-core/net/tftp.c
8631a2
@@ -360,8 +360,8 @@ tftp_open (struct grub_file *file, const char *filename)
8631a2
   /* Copy and normalize the filename to work-around issues on some tftp
8631a2
      servers when file names are being matched for remapping. */
8631a2
   grub_normalize_filename (rrq, filename);
8631a2
-  rrqlen += grub_strlen (filename) + 1;
8631a2
-  rrq += grub_strlen (filename) + 1;
8631a2
+  rrqlen += grub_strlen (rrq) + 1;
8631a2
+  rrq += grub_strlen (rrq) + 1;
8631a2
 
8631a2
   grub_strcpy (rrq, "octet");
8631a2
   rrqlen += grub_strlen ("octet") + 1;