From 55a27027d5f024a0ecc2c23c81ed99de6192c9f3 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 3 May 2019 22:20:37 +0200 Subject: [PATCH] tftp: use the current blksize for recvfrom() bug: https://curl.haxx.se/docs/CVE-2019-5436.html Reported-by: l00p3r on hackerone CVE-2019-5436 Upstream-commit: 2576003415625d7b5f0e390902f8097830b82275 Signed-off-by: Kamil Dudka --- lib/tftp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tftp.c b/lib/tftp.c index 269b3cd..4f2a131 100644 --- a/lib/tftp.c +++ b/lib/tftp.c @@ -1005,7 +1005,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done) state->sockfd = state->conn->sock[FIRSTSOCKET]; state->state = TFTP_STATE_START; state->error = TFTP_ERR_NONE; - state->blksize = TFTP_BLKSIZE_DEFAULT; + state->blksize = blksize; state->requested_blksize = blksize; ((struct sockaddr *)&state->local_addr)->sa_family = -- 2.20.1