Commit 3f179481 authored by Marc-André Lureau's avatar Marc-André Lureau

tftp: check tftp_input buffer size

Fixes: CVE-2021-3595
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/46

Signed-off-by: default avatarMarc-André Lureau <marcandre.lureau@redhat.com>
parent de71c15d
......@@ -446,7 +446,11 @@ static void tftp_handle_error(Slirp *slirp, struct sockaddr_storage *srcsas,
void tftp_input(struct sockaddr_storage *srcsas, struct mbuf *m)
{
struct tftp_t *tp = (struct tftp_t *)m->m_data;
struct tftp_t *tp = mtod_check(m, offsetof(struct tftp_t, x.tp_buf));
if (tp == NULL) {
return;
}
switch (ntohs(tp->tp_op)) {
case TFTP_RRQ:
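Review bot: The new `mtod_check` guard before the `switch` only guarantees the bytes up to `offsetof(struct tftp_t, x.tp_buf)`, so reading `tp->tp_op` is covered but nothing inside `x` is. The handlers reached from the `case` labels are outside this hunk; any of them that reads a field inside `x` presumably still needs its own bound against the mbuf length, which is worth confirming before treating the out-of-bounds read as fully closed. A short comment above the check would record that scope, e.g. `/* drop packets too short to hold the header up to x.tp_buf; fields inside x need their own length checks */`. The early `return` is also silent, so a debug trace on the drop path would make truncated packets visible when diagnosing guest traffic. The body of `tftp_input` continues past the end of the hunk.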
......