[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TFTP client crash seems to be caused by missing bounds check in makeargv

From: Erik Auerswald
Subject: TFTP client crash seems to be caused by missing bounds check in makeargv()
Date: Sun, 4 Sep 2022 17:34:38 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0


On 03.09.22 19:07, Erik Auerswald wrote:
On Sat, Sep 03, 2022 at 05:39:45PM +0200, Simon Josefsson wrote:
did you notice some fuzzing report that wasn't fixed?

I think the following reports have not yet been addressed:

I do intend to look into these issues, but I cannot say when...

* Problems found in tftp (the code did not change since the report):

   * Untrusted Pointer Dereference in getcmd() at inetutils/src/tftp.c:878

That seems to be a missing bounds check in makeargv(), similar
to the old, now fixed, code in telnet.

I'll look into creating a nice reproducer instead of the one
found by the fuzzer, adding a test case, and fixing the bug.

There might be an opportunity to refactor the code to avoid
having to fix the same problem again and again….



reply via email to

[Prev in Thread] Current Thread [Next in Thread]