Forked from
Reform / reform-boundary-uboot
Source project has a limited visibility.
-
Grant Likely authored
The TFTP OACK code trusts that the incoming packet is formated as ASCII text and can be processed by string functions. It also has a loop limit overflow bug where if the packet length is less than 8, it ends up looping over *all* of memory to find the 'blksize' string. This patch solves the problem by forcing the packet to be null terminated and using strstr() to search for the sub string. Signed-off-by:Grant Likely <grant.likely@secretlab.ca>
Grant Likely authoredThe TFTP OACK code trusts that the incoming packet is formated as ASCII text and can be processed by string functions. It also has a loop limit overflow bug where if the packet length is less than 8, it ends up looping over *all* of memory to find the 'blksize' string. This patch solves the problem by forcing the packet to be null terminated and using strstr() to search for the sub string. Signed-off-by:
