|
|
2bd82f |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
2bd82f |
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
2bd82f |
Date: Mon, 24 Aug 2020 14:46:27 +0200
|
|
|
2bd82f |
Subject: [PATCH] tftp: roll over block counter to prevent timeouts with data
|
|
|
2bd82f |
packets
|
|
|
2bd82f |
|
|
|
2bd82f |
The block number is a 16-bit counter which only allows to fetch
|
|
|
2bd82f |
files no bigger than 65535 * blksize. To avoid this limit, the
|
|
|
2bd82f |
counter is rolled over. This behavior isn't defined in RFC 1350
|
|
|
2bd82f |
but is handled by many TFTP servers and it's what GRUB was doing
|
|
|
2bd82f |
before implicitly due an overflow.
|
|
|
2bd82f |
|
|
|
2bd82f |
Fixing that bug led to TFTP timeouts, since GRUB wasn't acking
|
|
|
2bd82f |
data packets anymore for files with size bigger than the maximum
|
|
|
2bd82f |
mentioned above. Restore the old behavior to prevent this issue.
|
|
|
2bd82f |
|
|
|
2bd82f |
Resolves: rhbz#1871034
|
|
|
2bd82f |
|
|
|
2bd82f |
Suggested-by: Peter Jones <pjones@redhat.com>
|
|
|
2bd82f |
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
2bd82f |
---
|
|
|
2bd82f |
grub-core/net/tftp.c | 16 ++++++++++++++--
|
|
|
2bd82f |
1 file changed, 14 insertions(+), 2 deletions(-)
|
|
|
2bd82f |
|
|
|
2bd82f |
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
|
|
|
2bd82f |
index 2c52f692b25..4f38d7ef1f7 100644
|
|
|
2bd82f |
--- a/grub-core/net/tftp.c
|
|
|
2bd82f |
+++ b/grub-core/net/tftp.c
|
|
|
2bd82f |
@@ -183,8 +183,20 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
|
|
|
2bd82f |
return GRUB_ERR_NONE;
|
|
|
2bd82f |
}
|
|
|
2bd82f |
|
|
|
2bd82f |
- /* Ack old/retransmitted block. */
|
|
|
2bd82f |
- if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1)
|
|
|
2bd82f |
+ /*
|
|
|
2bd82f |
+ * Ack old/retransmitted block.
|
|
|
2bd82f |
+ *
|
|
|
2bd82f |
+ * The block number is a 16-bit counter which only allows to fetch
|
|
|
2bd82f |
+ * files no bigger than 65535 * blksize. To avoid this limit, the
|
|
|
2bd82f |
+ * counter is rolled over. This behavior isn't defined in RFC 1350
|
|
|
2bd82f |
+ * but is handled by many TFTP servers and it's what GRUB was doing
|
|
|
2bd82f |
+ * before implicitly due an overflow.
|
|
|
2bd82f |
+ *
|
|
|
2bd82f |
+ * Fixing that bug led to TFTP timeouts, since GRUB wasn't acking
|
|
|
2bd82f |
+ * data packets anymore for files with size bigger than the maximum
|
|
|
2bd82f |
+ * mentioned above. Restore the old behavior to prevent this issue.
|
|
|
2bd82f |
+ */
|
|
|
2bd82f |
+ if (grub_be_to_cpu16 (tftph->u.data.block) < ((data->block + 1) & 0xffffu))
|
|
|
2bd82f |
ack (data, grub_be_to_cpu16 (tftph->u.data.block));
|
|
|
2bd82f |
/* Ignore unexpected block. */
|
|
|
2bd82f |
else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1)
|