[riot-notifications] [RIOT-OS/RIOT] gnrc_tftp: Missing minimum length check (#10927)

nmeum notifications at github.com
Fri Feb 1 22:07:28 CET 2019


#### Description

gnrc_tftp is missing a minimum packet length check in the `_tftp_decode_start` function and might thus perform an out-of-bounds read.

#### Steps to reproduce the issue

On native:

1. Add `USEMODULE += gnrc_pktbuf_malloc` to `examples/gnrc_tftp/Makefile`
2. Build `examples/gnrc_tftp` using `make all-valgrind`
3. Run the application using `make term-valgrind`
4. Start the TFTP server using `tftps start` and wait until it has started
5. Send a UDP packet to the server using `printf '\x00\x02' | nc -u '[ip-address%tap0]' 69`

#### Expected results

Valgrind shouldn't report any invalid reads.

#### Actual results

Valgrind reports various invalid reads of size 1.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/issues/10927
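
The kind of check the report says is missing, as an added example (not code from RIOT or from this issue): a decoder for TFTP read/write requests that rejects short packets before touching any field. The function, struct and constant names are hypothetical, and the packet layout assumed is the RFC 1350 request format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names; this is not RIOT's gnrc_tftp API. Assumed layout
 * (RFC 1350): | opcode (2 bytes, big endian) | filename | 0 | mode | 0 | */
enum { TFTP_RRQ = 1, TFTP_WRQ = 2, TFTP_HDR_LEN = 2 };

struct tftp_req {
    uint16_t opcode;
    const char *filename;   /* points into the packet, NUL-terminated */
    const char *mode;       /* points into the packet, NUL-terminated */
};

/* Returns 0 on success, -1 if the packet is truncated or malformed.
 * Never reads outside buf[0..len). */
int tftp_parse_request(const uint8_t *buf, size_t len, struct tftp_req *out)
{
    /* Minimum length check: the opcode must be fully present. */
    if (buf == NULL || out == NULL || len < TFTP_HDR_LEN) {
        return -1;
    }
    out->opcode = (uint16_t)((buf[0] << 8) | buf[1]);
    if (out->opcode != TFTP_RRQ && out->opcode != TFTP_WRQ) {
        return -1;
    }

    /* Filename: search for the terminator only within the received bytes.
     * A 2-byte packet leaves 0 bytes here, so memchr finds nothing. */
    const uint8_t *p = buf + TFTP_HDR_LEN;
    size_t left = len - TFTP_HDR_LEN;
    const uint8_t *nul = memchr(p, 0, left);
    if (nul == NULL || nul == p) {      /* unterminated or empty filename */
        return -1;
    }
    out->filename = (const char *)p;

    /* Mode: same bounded search on what remains after the filename. */
    left -= (size_t)(nul - p) + 1;
    p = nul + 1;
    nul = memchr(p, 0, left);
    if (nul == NULL || nul == p) {      /* unterminated or empty mode */
        return -1;
    }
    out->mode = (const char *)p;
    return 0;
}
```

The two-byte packet from step 5 is rejected at the filename search because no bytes remain after the opcode.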