MFC r330710, r330718-r330720

r330710:
tftpd: Flush files as soon as they are fully received

On an RRQ, tftpd doesn't exit as soon as it's finished receiving a file.
Instead, it waits five seconds just in case the client didn't receive the
server's last ACK and decides to resend the final DATA packet.
Unfortunately, this created a 5 second delay from when the client thinks
it's done sending the file, and when the file is available for other
processes.

Fix this bug by closing the file as soon as receipt is finished.

PR:			157700
Reported by:		Barry Mishler <barry_mishler@yahoo.com>

r330718:
tftpd: Verify world-writability for WRQ when using relative paths

tftpd(8) says that files may only be written if they already exist and are
publicly writable.  tftpd.c verifies that a file is publicly writable if it
uses an absolute pathname.  However, if the pathname is relative, that check
is skipped.  Fix it.

Note that this is not a security vulnerability, because the transfer
ultimately doesn't work unless the file already exists and is owned by user
nobody.  Also, this bug does not affect the default configuration, because
the default uses the "-s" option which makes all pathnames absolute.

PR:		226004

r330719:
tftpd: Abort on an WRQ access violation

On a WRQ (write request) tftpd checks whether the client has access
permission for the file in question.  If not, then the write is prevented.
However, tftpd doesn't reply with an ERROR packet, nor does it abort.
Instead, it tries to receive the packet anyway.

The symptom is slightly different depending on the nature of the error.  If
the target file is nonexistent and tftpd lacks permission to create it, then
tftpd will willingly receive the file, but not write it anywhere.  If the
file exists but is not writable, then tftpd will fail to ACK to WRQ.

PR:		225996

r330720:
tftpd: reject unknown opcodes

If tftpd receives a command with an unknown opcode, it simply exits 1.  It
doesn't send an ERROR packet, and the client will hang waiting for one.  Fix
it.

PR:		226005

4 files changed, 25 insertions, 24 deletions

diff --git a/libexec/tftpd/tests/functional.c b/libexec/tftpd/tests/functional.c
index 04bf36d..d36c52d 100644
--- a/libexec/tftpd/tests/functional.c
+++ b/libexec/tftpd/tests/functional.c
@@ -348,6 +348,10 @@ setup(struct sockaddr_storage *to, uint16_t idx)
 		ATF_REQUIRE((client_s = socket(protocol, SOCK_DGRAM, 0)) > 0);
 		break;
 	}
+
+	/* Clear the client's umask.  Test cases will specify exact modes */
+	umask(0000);
+
 	return (client_s);
 }
 
@@ -671,7 +675,6 @@ TFTPD_TC_DEFINE(unknown_opcode,)
 {
 	/* Looks like an RRQ or WRQ request, but with a bad opcode */
 	SEND_STR("\0\007foo.txt\0octet\0");
-	atf_tc_expect_timeout("PR 226005 tftpd ignores bad opcodes but doesn't reject them");
 	RECV_ERROR(4, "Illegal TFTP operation");
 }
 
@@ -692,7 +695,6 @@ TFTPD_TC_DEFINE(w_flag,, w_flag = 1;)
 	send_data(1, contents, contents_len);
 	recv_ack(1);
 
-	atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
 	fd = open("small.txt", O_RDONLY);
 	ATF_REQUIRE(fd >= 0);
 	r = read(fd, buffer, sizeof(buffer));
@@ -714,7 +716,7 @@ TFTPD_TC_DEFINE(wrq_dropped_ack,)
 	for (i = 0; i < nitems(contents); i++)
 		contents[i] = i;
 
-	fd = open("medium.txt", O_RDWR | O_CREAT, 0644);
+	fd = open("medium.txt", O_RDWR | O_CREAT, 0666);
 	ATF_REQUIRE(fd >= 0);
 	close(fd);
 
@@ -730,7 +732,6 @@ TFTPD_TC_DEFINE(wrq_dropped_ack,)
 	send_data(2, (const char*)&contents[128], 256);
 	recv_ack(2);
 
-	atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
 	fd = open("medium.txt", O_RDONLY);
 	ATF_REQUIRE(fd >= 0);
 	r = read(fd, buffer, sizeof(buffer));
@@ -749,7 +750,7 @@ TFTPD_TC_DEFINE(wrq_dropped_data,)
 	size_t contents_len;
 	char buffer[1024];
 
-	fd = open("small.txt", O_RDWR | O_CREAT, 0644);
+	fd = open("small.txt", O_RDWR | O_CREAT, 0666);
 	ATF_REQUIRE(fd >= 0);
 	close(fd);
 	contents_len = strlen(contents) + 1;
@@ -764,7 +765,6 @@ TFTPD_TC_DEFINE(wrq_dropped_data,)
 	send_data(1, contents, contents_len);
 	recv_ack(1);
 
-	atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
 	fd = open("small.txt", O_RDONLY);
 	ATF_REQUIRE(fd >= 0);
 	r = read(fd, buffer, sizeof(buffer));
@@ -786,7 +786,7 @@ TFTPD_TC_DEFINE(wrq_duped_data,)
 	for (i = 0; i < nitems(contents); i++)
 		contents[i] = i;
 
-	fd = open("medium.txt", O_RDWR | O_CREAT, 0644);
+	fd = open("medium.txt", O_RDWR | O_CREAT, 0666);
 	ATF_REQUIRE(fd >= 0);
 	close(fd);
 
@@ -799,7 +799,6 @@ TFTPD_TC_DEFINE(wrq_duped_data,)
 	send_data(2, (const char*)&contents[128], 256);
 	recv_ack(2);
 
-	atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
 	fd = open("medium.txt", O_RDONLY);
 	ATF_REQUIRE(fd >= 0);
 	r = read(fd, buffer, sizeof(buffer));
@@ -819,8 +818,6 @@ TFTPD_TC_DEFINE(wrq_eaccess,)
 	close(fd);
 
 	SEND_WRQ("empty.txt", "octet");
-	atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access "
-	    "violation");
 	RECV_ERROR(2, "Access violation");
 }
 
@@ -837,7 +834,6 @@ TFTPD_TC_DEFINE(wrq_eaccess_world_readable,)
 	close(fd);
 
 	SEND_WRQ("empty.txt", "octet");
-	atf_tc_expect_fail("PR 226004 with relative pathnames, tftpd doesn't validate world writability");
 	RECV_ERROR(2, "Access violation");
 }
 
@@ -867,7 +863,6 @@ TFTPD_TC_DEFINE(wrq_medium,)
 	send_data(2, (const char*)&contents[128], 256);
 	recv_ack(2);
 
-	atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
 	fd = open("medium.txt", O_RDONLY);
 	ATF_REQUIRE(fd >= 0);
 	r = read(fd, buffer, sizeof(buffer));
@@ -894,14 +889,13 @@ TFTPD_TC_DEFINE(wrq_netascii,)
 	fd = open("unix.txt", O_RDWR | O_CREAT, 0666);
 	ATF_REQUIRE(fd >= 0);
 	close(fd);
-	contents_len = strlen(contents) + 1;
+	contents_len = sizeof(contents);
 
 	SEND_WRQ("unix.txt", "netascii");
 	recv_ack(0);
 	send_data(1, contents, contents_len);
 	recv_ack(1);
 
-	atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
 	fd = open("unix.txt", O_RDONLY);
 	ATF_REQUIRE(fd >= 0);
 	r = read(fd, buffer, sizeof(buffer));
@@ -916,8 +910,6 @@ TFTPD_TC_DEFINE(wrq_netascii,)
 TFTPD_TC_DEFINE(wrq_nonexistent,)
 {
 	SEND_WRQ("nonexistent.txt", "octet");
-	atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access "
-	    "violation");
 	RECV_ERROR(1, "File not found");
 }
 
@@ -942,7 +934,6 @@ TFTPD_TC_DEFINE(wrq_small,)
 	send_data(1, contents, contents_len);
 	recv_ack(1);
 
-	atf_tc_expect_fail("PR 157700 tftpd expects more data after EOF");
 	fd = open("small.txt", O_RDONLY);
 	ATF_REQUIRE(fd >= 0);
 	r = read(fd, buffer, sizeof(buffer));
diff --git a/libexec/tftpd/tftp-transfer.c b/libexec/tftpd/tftp-transfer.c
index d0c8a95..0311c07 100644
--- a/libexec/tftpd/tftp-transfer.c
+++ b/libexec/tftpd/tftp-transfer.c
@@ -302,6 +302,8 @@ send_ack:
 		gettimeofday(&(ts->tstop), NULL);
 	} while (n_data == segsize);
 
+	write_close();
+
 	/* Don't do late packet management for the client implementation */
 	if (acting_as_client)
 		return;
diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c
index 26d8105..aaeede4 100644
--- a/libexec/tftpd/tftpd.c
+++ b/libexec/tftpd/tftpd.c
@@ -419,8 +419,7 @@ main(int argc, char *argv[])
 			    "%s read access denied", peername);
 			exit(1);
 		}
-	}
-	if (tp->th_opcode == WRQ) {
+	} else if (tp->th_opcode == WRQ) {
 		if (allow_wo)
 			tftp_wrq(peer, tp->th_stuff, n - 1);
 		else {
@@ -428,7 +427,8 @@ main(int argc, char *argv[])
 			    "%s write access denied", peername);
 			exit(1);
 		}
-	}
+	} else
+		send_error(peer, EBADOP);
 	exit(1);
 }
 
@@ -543,6 +543,10 @@ tftp_wrq(int peer, char *recvbuffer, ssize_t size)
 			    filename, errtomsg(ecode));
 	}
 
+	if (ecode) {
+		send_error(peer, ecode);
+		exit(1);
+	}
 	tftp_recvfile(peer, mode);
 	exit(0);
 }
@@ -741,8 +745,12 @@ validate_access(int peer, char **filep, int mode)
 				dirp->name, filename);
 			if (stat(pathname, &stbuf) == 0 &&
 			    (stbuf.st_mode & S_IFMT) == S_IFREG) {
-				if ((stbuf.st_mode & S_IROTH) != 0) {
-					break;
+				if (mode == RRQ) {
+					if ((stbuf.st_mode & S_IROTH) != 0)
+						break;
+				} else {
+					if ((stbuf.st_mode & S_IWOTH) != 0)
+						break;
 				}
 				err = EACCESS;
 			}
@@ -751,6 +759,8 @@ validate_access(int peer, char **filep, int mode)
 			*filep = filename = pathname;
 		else if (mode == RRQ)
 			return (err);
+		else if (err != ENOTFOUND || !create_new)
+			return (err);
 	}
 
 	/*
@@ -821,7 +831,6 @@ tftp_recvfile(int peer, const char *mode)
 	block = 0;
 	tftp_receive(peer, &block, &ts, NULL, 0);
 
-	write_close();
 	gettimeofday(&now2, NULL);
 
 	if (debug&DEBUG_SIMPLE) {
diff --git a/usr.bin/tftp/tftp.c b/usr.bin/tftp/tftp.c
index eaf2a6f..6514af3 100644
--- a/usr.bin/tftp/tftp.c
+++ b/usr.bin/tftp/tftp.c
@@ -263,7 +263,6 @@ recvfile(int peer, char *port, int fd, char *name, char *mode)
 		tftp_receive(peer, &block, &tftp_stats, rp, n);
 	}
 
-	write_close();
 	if (tftp_stats.amount > 0)
 		printstats("Received", verbose, &tftp_stats);
 	return;