V3s_Allwinner
/
uboot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Fix TFTP OACK code for short packets. 

The old code had a loop limit overflow bug which caused a semi-
infinite loop for small packets, because in "i<len-8", "i" was signed,
but "len" was unsigned, and "len-8" became a huge number for small
values of "len".

This is a workaround which replaces broken commit 8f1bc284.

Signed-off-by: Wolfgang Denk <wd@denx.de>
This commit is contained in:
Wolfgang Denk 2007-08-31 10:01:51 +02:00
parent ff13ac8c7b
commit 60174746c6
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
net/tftp.c
View File

@ -276,8 +276,12 @@ TftpHandler (uchar * pkt, unsigned dest, unsigned src, unsigned len)
#endif
TftpState = STATE_OACK;
TftpServerPort = src;
/* Check for 'blksize' option */
for (i=0;i<len-8;i++) {
/*
* Check for 'blksize' option.
* Careful: "i" is signed, "len" is unsigned, thus
* something like "len-8" may give a *huge* number
*/
for (i=0; i+8<len; i++) {
if (strcmp ((char*)pkt+i,"blksize") == 0) {
TftpBlkSize = (unsigned short)
simple_strtoul((char*)pkt+i+8,NULL,10);