Changeset 76782 in vbox for trunk/src/VBox/Devices/Network/slirp

Timestamp:

Jan 11, 2019 4:36:34 PM (6 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

128112

Message:

NAT: clamp tftp block size to 1428 to simplify things.

File:

• trunk/src/VBox/Devices/Network/slirp/tftp.c (modified) (6 diffs)

trunk/src/VBox/Devices/Network/slirp/tftp.c

@@ -274 +274 @@
     while (cbTftpRRQRaw)
     {
-        idxTftpRRQRaw = RTStrNLen(pszTftpRRQRaw, 512 - idxTftpRRQRaw) + 1;
+        rc = RTStrNLenEx(pszTftpRRQRaw, cbTftpRRQRaw, &idxTftpRRQRaw);
+        if (RT_SUCCESS(rc))
+            ++idxTftpRRQRaw;    /* count the NUL too */
+        else
+            break;
+
         if (RTStrNLen((char *)pTftpSession->pszFilename, TFTP_FILENAME_MAX) == 0)
         {
@@ -300 +305 @@
         {
             if (!RTStrICmp("blksize", g_TftpDesc[idxOptionArg].pszName))
-            {
                 rc = tftpSessionParseAndMarkOption(pszTftpRRQRaw, &pTftpSession->OptionBlkSize);
-                if (pTftpSession->OptionBlkSize.u64Value > UINT16_MAX)
-                    rc = VERR_INVALID_PARAMETER;
-            }
 
             if (   RT_SUCCESS(rc)
@@ -455 +456 @@
     }
 
+    int cOptions = 0;
+
     if (pTftpSession->OptionTSize.fRequested)
     {
         pTftpSession->OptionTSize.u64Value = cbSessionFile;
-    }
-    if (   !pTftpSession->OptionBlkSize.u64Value
-        && !pTftpSession->OptionBlkSize.fRequested)
-    {
-        pTftpSession->OptionBlkSize.u64Value = 1428;
-    }
+        ++cOptions;
+    }
+
+    if (pTftpSession->OptionBlkSize.fRequested)
+    {
+        if (pTftpSession->OptionBlkSize.u64Value < 8)
+        {
+            /*
+             * we cannot make a counter-offer larger than the client's
+             * value, so just pretend we didn't recognize it and use
+             * default block size
+             */
+            pTftpSession->OptionBlkSize.fRequested = 0;
+            pTftpSession->OptionBlkSize.u64Value = 512;
+        }
+        else if (pTftpSession->OptionBlkSize.u64Value > 1428)
+        {
+            pTftpSession->OptionBlkSize.u64Value = 1428;
+            ++cOptions;
+        }
+    }
+    else
+    {
+        pTftpSession->OptionBlkSize.u64Value = 512;
+    }
+
+    rc = cOptions > 0 ? VINF_SUCCESS : VWRN_NOT_FOUND;
     LogFlowFuncLeaveRC(rc);
     return rc;
@@ -506 +530 @@
     AssertPtrReturn(pu8Data, VERR_INVALID_PARAMETER);
     AssertPtrReturn(pcbReadData, VERR_INVALID_PARAMETER);
-    AssertReturn(pcTftpSession->OptionBlkSize.u64Value < UINT16_MAX, VERR_INVALID_PARAMETER);
     LogFlowFunc(("pcTftpSession:%p, pu8Data:%p, pcbReadData:%p\n",
                     pcTftpSession,
@@ -602 +625 @@
 
     if (pTftpSession->OptionBlkSize.fRequested)
-    {
-        if (pTftpSession->OptionBlkSize.u64Value > UINT16_MAX)
-            rc = VERR_INVALID_PARAMETER;
-        else
-            rc = tftpAddOptionToOACK(pData, m, "blksize", pTftpSession->OptionBlkSize.u64Value);
-    }
+        rc = tftpAddOptionToOACK(pData, m, "blksize", pTftpSession->OptionBlkSize.u64Value);
+
     if (   RT_SUCCESS(rc)
         && pTftpSession->OptionTSize.fRequested)
@@ -683 +702 @@
     pTftpIpHeader->Core.u16TftpOpCode = RT_H2N_U16(pTftpSession->cTftpAck);
 
-    rc = tftpReadDataBlock(pData, pTftpSession, (uint8_t *)&pTftpIpHeader->Core.u16TftpOpCode + sizeof(uint16_t), &cbRead);
+    if (RT_LIKELY(M_TRAILINGSPACE(m) >= pTftpSession->OptionBlkSize.u64Value))
+    {
+        uint8_t *pu8Data = (uint8_t *)&pTftpIpHeader->Core.u16TftpOpCode + sizeof(uint16_t);
+        rc = tftpReadDataBlock(pData, pTftpSession, pu8Data, &cbRead);
+    }
+    else
+        rc = VERR_BUFFER_OVERFLOW;
 
     if (RT_SUCCESS(rc))