Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

make sure we do not overrun packet buffer when we set error message string.

This commit is contained in:
itojun 2000-11-21 13:50:25 +00:00
parent 9b1ccfd10e
commit b7b6056081
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
libexec/tftpd/tftpd.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: tftpd.c,v 1.20 2000/11/21 13:39:07 itojun Exp $ */
/* $NetBSD: tftpd.c,v 1.21 2000/11/21 13:50:25 itojun Exp $ */
/*
* Copyright (c) 1983, 1993
@ -40,7 +40,7 @@ __COPYRIGHT("@(#) Copyright (c) 1983, 1993\n\
#if 0
static char sccsid[] = "@(#)tftpd.c 8.1 (Berkeley) 6/4/93";
#else
__RCSID("$NetBSD: tftpd.c,v 1.20 2000/11/21 13:39:07 itojun Exp $");
__RCSID("$NetBSD: tftpd.c,v 1.21 2000/11/21 13:50:25 itojun Exp $");
#endif
#endif /* not lint */
@ -774,23 +774,24 @@ nak(error)
struct tftphdr *tp;
int length;
const struct errmsg *pe;
size_t msglen;
tp = (struct tftphdr *)buf;
tp->th_opcode = htons((u_short)ERROR);
msglen = sizeof(buf) - (&tp->th_msg[0] - buf);
for (pe = errmsgs; pe->e_code >= 0; pe++)
if (pe->e_code == error)
break;
if (pe->e_code < 0) {
tp->th_code = EUNDEF; /* set 'undef' errorcode */
strcpy(tp->th_msg, strerror(error - 100));
strlcpy(tp->th_msg, strerror(error - 100), msglen);
} else {
tp->th_code = htons((u_short)error);
strcpy(tp->th_msg, pe->e_msg);
strlcpy(tp->th_msg, pe->e_msg, msglen);
}
length = strlen(pe->e_msg);
tp->th_msg[length] = '\0';
length += 5;
if (send(peer, buf, length, 0) != length)
length = strlen(tp->th_msg);
msglen = &tp->th_msg[length + 1] - buf;
if (send(peer, buf, msglen, 0) != msglen)
syslog(LOG_ERR, "nak: %m");
}