[riot-notifications] [RIOT-OS/RIOT] gnrc_tftp: Fix out-of-bounds memory access when comparing modes (#11737)

nmeum notifications at github.com
Mon Jun 24 19:40:38 CEST 2019



### Contribution description

`gnrc_tftp` performs an out-of-bounds memory access when comparing defined TFTP modes (`netascii`, `octet`, or `mail`) with the one in the received TFTP packet. This is due to the fact that the code currently doesn't check whether the mode string used for comparison is longer than the remaining bytes in the packet. This PR introduces such a check.
You can view, comment on, or merge this pull request online at:

  https://github.com/RIOT-OS/RIOT/pull/11737

-- Commit Summary --

  * gnrc_tftp: Fix out-of-bounds memory access when comparing modes

-- File Changes --

    M sys/net/gnrc/application_layer/tftp/gnrc_tftp.c (11)

-- Patch Links --

https://github.com/RIOT-OS/RIOT/pull/11737.patch
https://github.com/RIOT-OS/RIOT/pull/11737.diff

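The length check described in the contribution above, sketched as an added example; this is not the code from `gnrc_tftp.c` or from the pull request. The function names, the enum and the `remaining` parameter are assumptions made for illustration, and the truncated packet in `main` is constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names for this example; not taken from gnrc_tftp.c. */
typedef enum { MODE_NETASCII, MODE_OCTET, MODE_MAIL, MODE_INVALID } tftp_mode_t;
static const char *const mode_names[] = { "netascii", "octet", "mail" };

/* Case-insensitive compare of n bytes (RFC 1350 allows any letter case). */
static int bytes_ieq(const uint8_t *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower(a[i]) != tolower((unsigned char)b[i])) { return 0; }
    }
    return 1;
}

/* Unchecked pattern, for contrast: may read strlen(name) + 1 bytes at `mode`
 * without knowing how many bytes the packet still holds. */
tftp_mode_t parse_mode_unchecked(const uint8_t *mode)
{
    for (size_t i = 0; i < 3; i++) {
        size_t len = strlen(mode_names[i]);
        if (bytes_ieq(mode, mode_names[i], len) && mode[len] == '\0') {
            return (tftp_mode_t)i;
        }
    }
    return MODE_INVALID;
}

/* Checked pattern: `remaining` counts the bytes from `mode` to the end of the
 * received packet; a name is compared only if it and its NUL fit in that. */
tftp_mode_t parse_mode_checked(const uint8_t *mode, size_t remaining)
{
    for (size_t i = 0; i < 3; i++) {
        size_t len = strlen(mode_names[i]);
        if (len + 1 > remaining) { continue; } /* would read past packet end */
        if (bytes_ieq(mode, mode_names[i], len) && mode[len] == '\0') {
            return (tftp_mode_t)i;
        }
    }
    return MODE_INVALID;
}

int main(void)
{
    const uint8_t truncated[] = { 'o', 'c', 't' }; /* constructed: ends mid-mode */
    return parse_mode_checked(truncated, sizeof(truncated)) == MODE_INVALID ? 0 : 1;
}
```

Building a harness around the checked function with AddressSanitizer (`-fsanitize=address`) and feeding it truncated packets is a quick way to confirm that no comparison reads past the buffer.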