svn commit: r332609 - in stable/11: libexec/tftpd libexec/tftpd/tests usr.bin/tftp
Alan Somers
asomers at FreeBSD.org
Mon Apr 16 16:33:36 UTC 2018
Author: asomers
Date: Mon Apr 16 16:33:35 2018
New Revision: 332609
URL: https://svnweb.freebsd.org/changeset/base/332609
Log:
MFC r330710, r330718-r330720
r330710:
tftpd: Flush files as soon as they are fully received
On an RRQ, tftpd doesn't exit as soon as it's finished receiving a file.
Instead, it waits five seconds just in case the client didn't receive the
server's last ACK and decides to resend the final DATA packet.
Unfortunately, this created a 5 second delay from when the client thinks
it's done sending the file, and when the file is available for other
processes.
Fix this bug by closing the file as soon as receipt is finished.
PR: 157700
Reported by: Barry Mishler <barry_mishler at yahoo.com>
r330718:
tftpd: Verify world-writability for WRQ when using relative paths
tftpd(8) says that files may only be written if they already exist and are
publicly writable. tftpd.c verifies that a file is publicly writable if it
uses an absolute pathname. However, if the pathname is relative, that check
is skipped. Fix it.
Note that this is not a security vulnerability, because the transfer
ultimately doesn't work unless the file already exists and is owned by user
nobody. Also, this bug does not affect the default configuration, because
the default uses the "-s" option which makes all pathnames absolute.
PR: 226004
r330719:
tftpd: Abort on an WRQ access violation
On a WRQ (write request) tftpd checks whether the client has access
permission for the file in question. If not, then the write is prevented.
However, tftpd doesn't reply with an ERROR packet, nor does it abort.
Instead, it tries to receive the packet anyway.
The symptom is slightly different depending on the nature of the error. If
the target file is nonexistent and tftpd lacks permission to create it, then
tftpd will willingly receive the file, but not write it anywhere. If the
file exists but is not writable, then tftpd will fail to ACK to WRQ.
PR: 225996
r330720:
tftpd: reject unknown opcodes
If tftpd receives a command with an unknown opcode, it simply exits 1. It
doesn't send an ERROR packet, and the client will hang waiting for one. Fix
it.
PR: 226005
Modified:
stable/11/libexec/tftpd/tests/functional.c
stable/11/libexec/tftpd/tftp-transfer.c
stable/11/libexec/tftpd/tftpd.c
stable/11/usr.bin/tftp/tftp.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/libexec/tftpd/tests/functional.c
==============================================================================
--- stable/11/libexec/tftpd/tests/functional.c Mon Apr 16 16:32:00 2018 (r332608)
+++ stable/11/libexec/tftpd/tests/functional.c Mon Apr 16 16:33:35 2018 (r332609)
@@ -348,6 +348,10 @@ setup(struct sockaddr_storage *to, uint16_t idx)
ATF_REQUIRE((client_s = socket(protocol, SOCK_DGRAM, 0)) > 0);
break;
}
+
+ /* Clear the client's umask. Test cases will specify exact modes */
+ umask(0000);
+
return (client_s);
}
@@ -671,7 +675,6 @@ TFTPD_TC_DEFINE(unknown_opcode,)
{
/* Looks like an RRQ or WRQ request, but with a bad opcode */
SEND_STR("\0\007foo.txt\0octet\0");
- atf_tc_expect_timeout("PR 226005 tftpd ignores bad opcodes but doesn't reject them");
RECV_ERROR(4, "Illegal TFTP operation");
}
@@ -692,7 +695,6 @@ TFTPD_TC_DEFINE(w_flag,, w_flag = 1;)
send_data(1, contents, contents_len);
recv_ack(1);
- atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
fd = open("small.txt", O_RDONLY);
ATF_REQUIRE(fd >= 0);
r = read(fd, buffer, sizeof(buffer));
@@ -714,7 +716,7 @@ TFTPD_TC_DEFINE(wrq_dropped_ack,)
for (i = 0; i < nitems(contents); i++)
contents[i] = i;
- fd = open("medium.txt", O_RDWR | O_CREAT, 0644);
+ fd = open("medium.txt", O_RDWR | O_CREAT, 0666);
ATF_REQUIRE(fd >= 0);
close(fd);
@@ -730,7 +732,6 @@ TFTPD_TC_DEFINE(wrq_dropped_ack,)
send_data(2, (const char*)&contents[128], 256);
recv_ack(2);
- atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
fd = open("medium.txt", O_RDONLY);
ATF_REQUIRE(fd >= 0);
r = read(fd, buffer, sizeof(buffer));
@@ -749,7 +750,7 @@ TFTPD_TC_DEFINE(wrq_dropped_data,)
size_t contents_len;
char buffer[1024];
- fd = open("small.txt", O_RDWR | O_CREAT, 0644);
+ fd = open("small.txt", O_RDWR | O_CREAT, 0666);
ATF_REQUIRE(fd >= 0);
close(fd);
contents_len = strlen(contents) + 1;
@@ -764,7 +765,6 @@ TFTPD_TC_DEFINE(wrq_dropped_data,)
send_data(1, contents, contents_len);
recv_ack(1);
- atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
fd = open("small.txt", O_RDONLY);
ATF_REQUIRE(fd >= 0);
r = read(fd, buffer, sizeof(buffer));
@@ -786,7 +786,7 @@ TFTPD_TC_DEFINE(wrq_duped_data,)
for (i = 0; i < nitems(contents); i++)
contents[i] = i;
- fd = open("medium.txt", O_RDWR | O_CREAT, 0644);
+ fd = open("medium.txt", O_RDWR | O_CREAT, 0666);
ATF_REQUIRE(fd >= 0);
close(fd);
@@ -799,7 +799,6 @@ TFTPD_TC_DEFINE(wrq_duped_data,)
send_data(2, (const char*)&contents[128], 256);
recv_ack(2);
- atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
fd = open("medium.txt", O_RDONLY);
ATF_REQUIRE(fd >= 0);
r = read(fd, buffer, sizeof(buffer));
@@ -819,8 +818,6 @@ TFTPD_TC_DEFINE(wrq_eaccess,)
close(fd);
SEND_WRQ("empty.txt", "octet");
- atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access "
- "violation");
RECV_ERROR(2, "Access violation");
}
@@ -837,7 +834,6 @@ TFTPD_TC_DEFINE(wrq_eaccess_world_readable,)
close(fd);
SEND_WRQ("empty.txt", "octet");
- atf_tc_expect_fail("PR 226004 with relative pathnames, tftpd doesn't validate world writability");
RECV_ERROR(2, "Access violation");
}
@@ -867,7 +863,6 @@ TFTPD_TC_DEFINE(wrq_medium,)
send_data(2, (const char*)&contents[128], 256);
recv_ack(2);
- atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
fd = open("medium.txt", O_RDONLY);
ATF_REQUIRE(fd >= 0);
r = read(fd, buffer, sizeof(buffer));
@@ -894,14 +889,13 @@ TFTPD_TC_DEFINE(wrq_netascii,)
fd = open("unix.txt", O_RDWR | O_CREAT, 0666);
ATF_REQUIRE(fd >= 0);
close(fd);
- contents_len = strlen(contents) + 1;
+ contents_len = sizeof(contents);
SEND_WRQ("unix.txt", "netascii");
recv_ack(0);
send_data(1, contents, contents_len);
recv_ack(1);
- atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
fd = open("unix.txt", O_RDONLY);
ATF_REQUIRE(fd >= 0);
r = read(fd, buffer, sizeof(buffer));
@@ -916,8 +910,6 @@ TFTPD_TC_DEFINE(wrq_netascii,)
TFTPD_TC_DEFINE(wrq_nonexistent,)
{
SEND_WRQ("nonexistent.txt", "octet");
- atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access "
- "violation");
RECV_ERROR(1, "File not found");
}
@@ -942,7 +934,6 @@ TFTPD_TC_DEFINE(wrq_small,)
send_data(1, contents, contents_len);
recv_ack(1);
- atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
fd = open("small.txt", O_RDONLY);
ATF_REQUIRE(fd >= 0);
r = read(fd, buffer, sizeof(buffer));
Modified: stable/11/libexec/tftpd/tftp-transfer.c
==============================================================================
--- stable/11/libexec/tftpd/tftp-transfer.c Mon Apr 16 16:32:00 2018 (r332608)
+++ stable/11/libexec/tftpd/tftp-transfer.c Mon Apr 16 16:33:35 2018 (r332609)
@@ -302,6 +302,8 @@ send_ack:
gettimeofday(&(ts->tstop), NULL);
} while (n_data == segsize);
+ write_close();
+
/* Don't do late packet management for the client implementation */
if (acting_as_client)
return;
Modified: stable/11/libexec/tftpd/tftpd.c
==============================================================================
--- stable/11/libexec/tftpd/tftpd.c Mon Apr 16 16:32:00 2018 (r332608)
+++ stable/11/libexec/tftpd/tftpd.c Mon Apr 16 16:33:35 2018 (r332609)
@@ -419,8 +419,7 @@ main(int argc, char *argv[])
"%s read access denied", peername);
exit(1);
}
- }
- if (tp->th_opcode == WRQ) {
+ } else if (tp->th_opcode == WRQ) {
if (allow_wo)
tftp_wrq(peer, tp->th_stuff, n - 1);
else {
@@ -428,7 +427,8 @@ main(int argc, char *argv[])
"%s write access denied", peername);
exit(1);
}
- }
+ } else
+ send_error(peer, EBADOP);
exit(1);
}
@@ -543,6 +543,10 @@ tftp_wrq(int peer, char *recvbuffer, ssize_t size)
filename, errtomsg(ecode));
}
+ if (ecode) {
+ send_error(peer, ecode);
+ exit(1);
+ }
tftp_recvfile(peer, mode);
exit(0);
}
@@ -741,8 +745,12 @@ validate_access(int peer, char **filep, int mode)
dirp->name, filename);
if (stat(pathname, &stbuf) == 0 &&
(stbuf.st_mode & S_IFMT) == S_IFREG) {
- if ((stbuf.st_mode & S_IROTH) != 0) {
- break;
+ if (mode == RRQ) {
+ if ((stbuf.st_mode & S_IROTH) != 0)
+ break;
+ } else {
+ if ((stbuf.st_mode & S_IWOTH) != 0)
+ break;
}
err = EACCESS;
}
@@ -751,6 +759,8 @@ validate_access(int peer, char **filep, int mode)
*filep = filename = pathname;
else if (mode == RRQ)
return (err);
+ else if (err != ENOTFOUND || !create_new)
+ return (err);
}
/*
@@ -821,7 +831,6 @@ tftp_recvfile(int peer, const char *mode)
block = 0;
tftp_receive(peer, &block, &ts, NULL, 0);
- write_close();
gettimeofday(&now2, NULL);
if (debug&DEBUG_SIMPLE) {
Modified: stable/11/usr.bin/tftp/tftp.c
==============================================================================
--- stable/11/usr.bin/tftp/tftp.c Mon Apr 16 16:32:00 2018 (r332608)
+++ stable/11/usr.bin/tftp/tftp.c Mon Apr 16 16:33:35 2018 (r332609)
@@ -263,7 +263,6 @@ recvfile(int peer, char *port, int fd, char *name, cha
tftp_receive(peer, &block, &tftp_stats, rp, n);
}
- write_close();
if (tftp_stats.amount > 0)
printstats("Received", verbose, &tftp_stats);
return;
More information about the svn-src-stable
mailing list