nalika / rpms / grub2

Forked from rpms/grub2 2 years ago
Clone
8631a2
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
8631a2
From: Mark Salter <msalter@redhat.com>
8631a2
Date: Tue, 7 Mar 2017 18:26:17 -0500
8631a2
Subject: [PATCH] Fix malformed tftp packets
8631a2
8631a2
0088-Normalize-slashes-in-tftp-paths.patch collapses multiple contiguous
8631a2
slashes in a filename into one slash in the tftp packet filename field.
8631a2
However, the packet buffer pointer is advanced using the original name.
8631a2
This leaves unitialized data between the name field and the type field
8631a2
leading to tftp errors. Use the length of the normalized name to avoid
8631a2
this.
8631a2
8631a2
Signed-off-by: Mark Salter <msalter@redhat.com>
8631a2
---
8631a2
 grub-core/net/tftp.c | 4 ++--
8631a2
 1 file changed, 2 insertions(+), 2 deletions(-)
8631a2
8631a2
diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
f6e916
index 5ca0a96a6..dcd824943 100644
8631a2
--- a/grub-core/net/tftp.c
8631a2
+++ b/grub-core/net/tftp.c
8631a2
@@ -360,8 +360,8 @@ tftp_open (struct grub_file *file, const char *filename)
8631a2
   /* Copy and normalize the filename to work-around issues on some tftp
8631a2
      servers when file names are being matched for remapping. */
8631a2
   grub_normalize_filename (rrq, filename);
8631a2
-  rrqlen += grub_strlen (filename) + 1;
8631a2
-  rrq += grub_strlen (filename) + 1;
8631a2
+  rrqlen += grub_strlen (rrq) + 1;
8631a2
+  rrq += grub_strlen (rrq) + 1;
8631a2
 
8631a2
   grub_strcpy (rrq, "octet");
8631a2
   rrqlen += grub_strlen ("octet") + 1;