diff options
| -rw-r--r-- | libexec/tftpd/tftpd.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c index bc24753..6435e8b 100644 --- a/libexec/tftpd/tftpd.c +++ b/libexec/tftpd/tftpd.c @@ -364,8 +364,9 @@ tftp(struct tftphdr *tp, int size) int i, first = 1, has_options = 0, ecode; struct formats *pf; char *filename, *mode, *option, *ccp; + char fnbuf[MAXPATHLEN]; - filename = cp = tp->th_stuff; + cp = tp->th_stuff; again: while (cp < buf + size) { if (*cp == '\0') @@ -376,6 +377,14 @@ again: nak(EBADOP); exit(1); } + i = cp - tp->th_stuff; + if (i >= sizeof(fnbuf)) { + nak(EBADOP); + exit(1); + } + memcpy(fnbuf, tp->th_stuff, i); + fnbuf[i] = '\0'; + filename = fnbuf; if (first) { mode = ++cp; first = 0; |
