|
|
44b48a |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
44b48a |
From: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
44b48a |
Date: Mon, 24 Aug 2020 14:46:27 +0200
|
|
|
44b48a |
Subject: [PATCH] tftp: roll over block counter to prevent timeouts with data
|
|
|
44b48a |
packets
|
|
|
44b48a |
|
|
|
44b48a |
The block number is a 16-bit counter which only allows to fetch
|
|
|
44b48a |
files no bigger than 65535 * blksize. To avoid this limit, the
|
|
|
44b48a |
counter is rolled over. This behavior isn't defined in RFC 1350
|
|
|
44b48a |
but is handled by many TFTP servers and it's what GRUB was doing
|
|
|
44b48a |
before implicitly due an overflow.
|
|
|
44b48a |
|
|
|
44b48a |
Fixing that bug led to TFTP timeouts, since GRUB wasn't acking
|
|
|
44b48a |
data packets anymore for files with size bigger than the maximum
|
|
|
44b48a |
mentioned above. Restore the old behavior to prevent this issue.
|
|
|
44b48a |
|
|
|
44b48a |
Resolves: rhbz#1869987
|
|
|
44b48a |
|
|
|
44b48a |
Suggested-by: Peter Jones <pjones@redhat.com>
|
|
|
44b48a |
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
|
|
|
44b48a |
---
|
|
|
44b48a |
grub-core/net/tftp.c | 16 ++++++++++++++--
|
|
|
44b48a |
1 file changed, 14 insertions(+), 2 deletions(-)
|
|
|
44b48a |
|
|
|
44b48a |
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
|
|
|
b1bcb2 |
index 79c16f9b041..b9a4b607a3d 100644
|
|
|
44b48a |
--- a/grub-core/net/tftp.c
|
|
|
44b48a |
+++ b/grub-core/net/tftp.c
|
|
|
44b48a |
@@ -183,8 +183,20 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)),
|
|
|
44b48a |
return GRUB_ERR_NONE;
|
|
|
44b48a |
}
|
|
|
44b48a |
|
|
|
44b48a |
- /* Ack old/retransmitted block. */
|
|
|
44b48a |
- if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1)
|
|
|
44b48a |
+ /*
|
|
|
44b48a |
+ * Ack old/retransmitted block.
|
|
|
44b48a |
+ *
|
|
|
44b48a |
+ * The block number is a 16-bit counter which only allows to fetch
|
|
|
44b48a |
+ * files no bigger than 65535 * blksize. To avoid this limit, the
|
|
|
44b48a |
+ * counter is rolled over. This behavior isn't defined in RFC 1350
|
|
|
44b48a |
+ * but is handled by many TFTP servers and it's what GRUB was doing
|
|
|
44b48a |
+ * before implicitly due an overflow.
|
|
|
44b48a |
+ *
|
|
|
44b48a |
+ * Fixing that bug led to TFTP timeouts, since GRUB wasn't acking
|
|
|
44b48a |
+ * data packets anymore for files with size bigger than the maximum
|
|
|
44b48a |
+ * mentioned above. Restore the old behavior to prevent this issue.
|
|
|
44b48a |
+ */
|
|
|
44b48a |
+ if (grub_be_to_cpu16 (tftph->u.data.block) < ((data->block + 1) & 0xffffu))
|
|
|
44b48a |
ack (data, grub_be_to_cpu16 (tftph->u.data.block));
|
|
|
44b48a |
/* Ignore unexpected block. */
|
|
|
44b48a |
else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1)
|