[riot-notifications] [RIOT-OS/RIOT] gnrc_tftp: initialize uninitialized 'tftp_context_t' (#11773)

nmeum notifications at github.com
Wed Jul 3 16:32:58 CEST 2019


nmeum commented on this pull request.



> @@ -405,11 +405,14 @@ int gnrc_tftp_server(tftp_data_cb_t data_cb, tftp_start_cb_t start_cb, tftp_stop
     }
 
     /* context will be initialized when a connection is established */
-    tftp_context_t ctxt;
-    ctxt.data_cb = data_cb;
-    ctxt.start_cb = start_cb;
-    ctxt.stop_cb = stop_cb;
-    ctxt.enable_options = use_options;
+    tftp_context_t ctxt = {
+        .dst_port = GNRC_TFTP_DEFAULT_DST_PORT,
+        .src_port = GNRC_TFTP_DEFAULT_DST_PORT,
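
Review bot: `.src_port` is initialized with `GNRC_TFTP_DEFAULT_DST_PORT`, the same constant used for `.dst_port` on the line above, which reads like a copy-paste slip. If the server is meant to use the well-known destination port as its own source port, say so in a short comment; otherwise use the matching source-port constant. The retained comment "context will be initialized when a connection is established" also no longer matches a declaration that now initializes fields up front, so it should be reworded, and the initializer should still carry the four removed assignments (`data_cb`, `start_cb`, `stop_cb`, `enable_options`), which are not among the added lines visible here.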

> I tested it with your crafted input, and it did not crash

My previous test input gets rejected due to the blocknum contained in it. If you compile with `ENABLE_DEBUG` you get (among other things):

```
tftp: not the packet we were waiting for, expected 1, received 0
```

If you change the blocknum in the test input `gnrc_tftp` crashes:

```
echo AAMAAWZvb2Jhcg== | base64 -d | nc -u '[ip-address%tap0]' 69
```

Can you reproduce this or am I simply doing something wrong?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/RIOT-OS/RIOT/pull/11773#discussion_r299990171
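
The test input quoted in the comment above can be decoded offline to see which opcode and block number it carries, which is what the `expected 1, received 0` debug line is about. This Python decoder is an added example, not part of the original comment or of RIOT's code; the function names are hypothetical and the opcode table follows RFC 1350 and RFC 2347.

```python
import base64
import struct

# TFTP opcodes from RFC 1350 (1-5) and RFC 2347 (6)
OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR", 6: "OACK"}


def _cstrings(buf):
    """Split a buffer of NUL-terminated strings; reject an unterminated tail."""
    if not buf or buf[-1] != 0:
        raise ValueError("string field is not NUL-terminated")
    return [s.decode("ascii", "replace") for s in buf[:-1].split(b"\0")]


def parse_tftp(pkt):
    """Decode one TFTP datagram into a dict, raising ValueError if malformed."""
    if len(pkt) < 2:
        raise ValueError("shorter than the 2-byte opcode")
    (opcode,) = struct.unpack("!H", pkt[:2])
    name = OPCODES.get(opcode)
    if name is None:
        raise ValueError(f"unknown opcode {opcode}")
    body = pkt[2:]
    if name in ("RRQ", "WRQ"):
        fields = _cstrings(body)
        if len(fields) < 2:
            raise ValueError("request lacks filename or mode")
        # Anything after filename and mode is RFC 2347 option/value pairs
        return {"op": name, "filename": fields[0], "mode": fields[1],
                "options": dict(zip(fields[2::2], fields[3::2]))}
    if name == "OACK":
        fields = _cstrings(body) if body else []
        return {"op": name, "options": dict(zip(fields[0::2], fields[1::2]))}
    if len(body) < 2:
        raise ValueError(f"{name} lacks its 2-byte block/error field")
    (num,) = struct.unpack("!H", body[:2])
    if name == "DATA":
        return {"op": name, "block": num, "data": body[2:]}
    if name == "ACK":
        return {"op": name, "block": num}
    return {"op": name, "code": num, "message": _cstrings(body[2:])[0]}


def decode_test_input(b64):
    return parse_tftp(base64.b64decode(b64))


if __name__ == "__main__":
    print(decode_test_input("AAMAAWZvb2Jhcg=="))  # input quoted in the comment above
```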