This is the mail archive of the ecos-bugs@sourceware.org mailing list for the eCos project.
[Bug 1001522] Array index out of bounds in tftp_server.c
- From: bugzilla-daemon at bugs dot ecos dot sourceware dot org
- To: ecos-bugs at ecos dot sourceware dot org
- Date: Thu, 9 Aug 2012 17:05:15 +0100
- Subject: [Bug 1001522] Array index out of bounds in tftp_server.c
- Auto-submitted: auto-generated
- References: <bug-1001522-13@http.bugs.ecos.sourceware.org/>
Please do not reply to this email. Use the web interface provided at:
http://bugs.ecos.sourceware.org/show_bug.cgi?id=1001522
Bernd Edlinger <bernd.edlinger@hotmail.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bernd.edlinger@hotmail.de
--- Comment #9 from Bernd Edlinger <bernd.edlinger@hotmail.de> 2012-08-09 17:05:10 BST ---
Hello,
One other thing with the code is this:
a valid socket handle is a number >= 0.
In line 610, the check is

    if (server->s[server->num_s] < 0 ) {
        diag_printf("TFTPD [%x]: can't open socket\n", p);

but later always:

    if (server->s[i]) {
        FD_SET(server->s[i],&readfds);

What if socket returns 0, because we have no stdio, i.e. inside a
daemon?
Shouldn't it be like this:

    if (server->s[i]>=0) {
        FD_SET(server->s[i],&readfds);

and

    if (server->s[i]>=0) {
        close (server->s[i]);
        server->s[i] = -1;
    }

???
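The descriptor-0 case raised in comment #9, as an added C example that is not part of the original mail or of tftp_server.c. The function names and the sample descriptor array are hypothetical; the example assumes a POSIX host where socket() hands out the lowest free descriptor.

```c
/* Added example, not eCos code: all names below are hypothetical. */
#include <stdio.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

/* Check as quoted from the select loop: descriptor 0 is treated as "no socket".
   Only pass open descriptors here; a -1 slot would also pass this check. */
static int fill_readfds_truthy(const int *s, int n, fd_set *set)
{
    int i, added = 0;
    FD_ZERO(set);
    for (i = 0; i < n; i++)
        if (s[i]) { FD_SET(s[i], set); added++; }
    return added;
}

/* Check proposed in the comment: any descriptor >= 0 is valid, -1 is unused. */
static int fill_readfds_nonneg(const int *s, int n, fd_set *set)
{
    int i, added = 0;
    FD_ZERO(set);
    for (i = 0; i < n; i++)
        if (s[i] >= 0) { FD_SET(s[i], set); added++; }
    return added;
}

/* Open a UDP socket while descriptor 0 is free, as in a daemon without stdio.
   Returns the number socket() handed out; the socket is closed again. */
static int udp_socket_without_stdin(void)
{
    int saved = dup(0);                   /* -1 if stdin was already closed */
    int fd;
    close(0);
    fd = socket(AF_INET, SOCK_DGRAM, 0);  /* lowest free descriptor */
    if (fd > 0) close(fd);
    if (saved >= 0) { dup2(saved, 0); close(saved); }  /* restore stdin */
    else if (fd == 0) close(0);
    return fd;
}

int main(void)
{
    int s[2] = { 0, 5 };  /* constructed: first socket landed on descriptor 0 */
    fd_set r;
    printf("socket() without stdin returned %d\n", udp_socket_without_stdin());
    printf("truthy check selects on %d of 2\n", fill_readfds_truthy(s, 2, &r));
    printf("non-negative check selects on %d of 2\n", fill_readfds_nonneg(s, 2, &r));
    return 0;
}
```

With the truthy check, the socket on descriptor 0 is never added to the read set, so requests arriving on it are never seen by select().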