From 799edf0ad8af9f553b3d9ff319459f310e97bd35 Mon Sep 17 00:00:00 2001 From: asomers Date: Fri, 3 Aug 2018 14:19:09 +0000 Subject: [PATCH] MFC r330719: tftpd: Abort on an WRQ access violation On a WRQ (write request) tftpd checks whether the client has access permission for the file in question. If not, then the write is prevented. However, tftpd doesn't reply with an ERROR packet, nor does it abort. Instead, it tries to receive the packet anyway. The symptom is slightly different depending on the nature of the error. If the target file is nonexistent and tftpd lacks permission to create it, then tftpd will willingly receive the file, but not write it anywhere. If the file exists but is not writable, then tftpd will fail to ACK to WRQ. PR: 225996 git-svn-id: svn://svn.freebsd.org/base/stable/10@337249 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- libexec/tftpd/tests/functional.c | 6 ------ libexec/tftpd/tftpd.c | 4 ++++ 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/libexec/tftpd/tests/functional.c b/libexec/tftpd/tests/functional.c index d67086515..f06346ffb 100644 --- a/libexec/tftpd/tests/functional.c +++ b/libexec/tftpd/tests/functional.c @@ -819,8 +819,6 @@ TFTPD_TC_DEFINE(wrq_eaccess,) close(fd); SEND_WRQ("empty.txt", "octet"); - atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access " - "violation"); RECV_ERROR(2, "Access violation"); } @@ -837,8 +835,6 @@ TFTPD_TC_DEFINE(wrq_eaccess_world_readable,) close(fd); SEND_WRQ("empty.txt", "octet"); - atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access " - "violation"); RECV_ERROR(2, "Access violation"); } @@ -915,8 +911,6 @@ TFTPD_TC_DEFINE(wrq_netascii,) TFTPD_TC_DEFINE(wrq_nonexistent,) { SEND_WRQ("nonexistent.txt", "octet"); - atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access " - "violation"); RECV_ERROR(1, "File not found"); } diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c index 2b2e54910..677fff586 100644 --- a/libexec/tftpd/tftpd.c +++ b/libexec/tftpd/tftpd.c @@ -543,6 +543,10 @@ tftp_wrq(int peer, char *recvbuffer, ssize_t size) filename, errtomsg(ecode)); } + if (ecode) { + send_error(peer, ecode); + exit(1); + } tftp_recvfile(peer, mode); exit(0); } -- 2.42.0