blob: a91913cb51e9063e5c0cf03a0ce49ba87cfc5b71 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
tftpd: Fix abort on error path
When trying to fetch a non existent file, the app crashes with:
*** buffer overflow detected ***:
Aborted
Upstream-Status: Submitted [https://www.mail-archive.com/bug-inetutils@gnu.org/msg03036.html https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91205]
Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
diff --git a/src/tftpd.c b/src/tftpd.c
index 56002a0..144012f 100644
--- a/src/tftpd.c
+++ b/src/tftpd.c
@@ -864,9 +864,8 @@ nak (int error)
pe->e_msg = strerror (error - 100);
tp->th_code = EUNDEF; /* set 'undef' errorcode */
}
- strcpy (tp->th_msg, pe->e_msg);
length = strlen (pe->e_msg);
- tp->th_msg[length] = '\0';
+ memcpy(tp->th_msg, pe->e_msg, length + 1);
length += 5;
if (sendto (peer, buf, length, 0, (struct sockaddr *) &from, fromlen) != length)
syslog (LOG_ERR, "nak: %m\n");
|
