#
339051 |
|
01-Oct-2018 |
asomers |
MFC r336605:
Fix multiple Coverity warnings in tftpd(8)
* Initialize uninitialized variable (CID 1006502) * strcpy => strlcpy (CID 1006792, 1006791, 1006790) * Check function return values (CID 1009442, 1009441, 1009440) * Delete dead code in receive_packet (not reported by Coverity) * Remove redundant alarm(3) in receive_packet (not reported by Coverity)
Reported by: Coverity CID: 1006502, 1006792, 1006791, 1006790, 1009442, 1009441, 1009440 Differential Revision: https://reviews.freebsd.org/D11287
|
#
332609 |
|
16-Apr-2018 |
asomers |
MFC r330710, r330718-r330720
r330710: tftpd: Flush files as soon as they are fully received
On an RRQ, tftpd doesn't exit as soon as it's finished receiving a file. Instead, it waits five seconds just in case the client didn't receive the server's last ACK and decides to resend the final DATA packet. Unfortunately, this created a 5 second delay from when the client thinks it's done sending the file, and when the file is available for other processes.
Fix this bug by closing the file as soon as receipt is finished.
PR: 157700 Reported by: Barry Mishler <barry_mishler@yahoo.com>
r330718: tftpd: Verify world-writability for WRQ when using relative paths
tftpd(8) says that files may only be written if they already exist and are publicly writable. tftpd.c verifies that a file is publicly writable if it uses an absolute pathname. However, if the pathname is relative, that check is skipped. Fix it.
Note that this is not a security vulnerability, because the transfer ultimately doesn't work unless the file already exists and is owned by user nobody. Also, this bug does not affect the default configuration, because the default uses the "-s" option which makes all pathnames absolute.
PR: 226004
r330719: tftpd: Abort on an WRQ access violation
On a WRQ (write request) tftpd checks whether the client has access permission for the file in question. If not, then the write is prevented. However, tftpd doesn't reply with an ERROR packet, nor does it abort. Instead, it tries to receive the packet anyway.
The symptom is slightly different depending on the nature of the error. If the target file is nonexistent and tftpd lacks permission to create it, then tftpd will willingly receive the file, but not write it anywhere. If the file exists but is not writable, then tftpd will fail to ACK to WRQ.
PR: 225996
r330720: tftpd: reject unknown opcodes
If tftpd receives a command with an unknown opcode, it simply exits 1. It doesn't send an ERROR packet, and the client will hang waiting for one. Fix it.
PR: 226005
|
#
331722 |
|
29-Mar-2018 |
eadler |
Revert r330897:
This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code.
Revert with prejudice.
This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes.
Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes.
Requested by: gjb (re)
|
#
330897 |
|
14-Mar-2018 |
eadler |
Partial merge of the SPDX changes
These changes are incomplete but are making it difficult to determine what other changes can/should be merged.
No objections from: pfg
|
#
313231 |
|
04-Feb-2017 |
ngie |
MFC r311473:
Conditionalize all code that uses tcpd.h behind `LIBWRAP` guard
This will allow the code to stand by itself without libwrap
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
262136 |
|
17-Feb-2014 |
brueffer |
Remove the 3rd clause ("advertising clause") of the BSD license as permitted by the University of Berkeley on July 22, 1999.
Reviewed by: imp MFC after: 1 week
|
#
246139 |
|
30-Jan-2013 |
marius |
Mark tftp_log() as __printflike() (which would have caught the bug fixed in r246106) and deal with the fallout.
MFC after: 2 weeks
|
#
241848 |
|
22-Oct-2012 |
eadler |
Check the return error of set[e][ug]id. While this can never fail in the current version of FreeBSD, this isn't guarenteed by the API. Custom security modules, or future implementations of the setuid and setgid may fail.
Submitted by: Erik Cederstrand Approved by: cperciva MFC after: 3 days
|
#
241720 |
|
19-Oct-2012 |
ed |
Fix warnings found by -Wmising-variable-declarations.
This self-written compiler warning, which is hopefully going to be committed into LLVM sources soon, warns about potentially missing `static' keywords, similar to -Wmissing-prototypes.
- bin/pax: Move external declaration of chdname and s_mask into extern.h. - bin/setfacl: Move setfacl.c-specific stuff out of setfacl.h. - sbin/mount_fusefs: Remove char *progname; use getprogname(). - others: add `static' where possible.
|
#
213102 |
|
24-Sep-2010 |
marius |
Remove the duplicate logging of failed read requests, whose error message also was inappropriate as it triggered for every EACCESS and ENOTFOUND, not just the case the -n option is intended to deal with and thus really spammed us with ~20 messages in the default configuration when booting a diskless FreeBSD client, introduced with r207608 again.
MFC after: 1 week
|
#
213099 |
|
24-Sep-2010 |
marius |
Make WARNS=6 clean.
MFC after: 1 week
|
#
207608 |
|
04-May-2010 |
imp |
Go ahead and merge the work edwin@ on tftpd into the tree. It is a lot better than what's in the tree now. Edwin tested it at a prior employer, but can't test it today. I've found that it works a lot better with the various uboot versions that I've used in my embedded work. Here's the pkg-descr from the port that describes the changes:
It all started when we got some new routers, which told me the following when trying to upload configuration or download images from it: The TFTP server doesn't support the blocksize option.
My curiousity was triggered, it took me some reading of RFCs and other documentation to find out what was possible and what could be done. Was plain TFTP very simple in its handshake, TFTP with options was kind of messy because of its backwards capability: The first packet returned could either be an acknowledgement of options, or the first data packet.
Going through the source code of src/libexec/tftpd and going through the code of src/usr.bin/tftp showed that there was a lot of duplicate code, and the addition of options would only increase the amount of duplicate code. After all, both the client and the server can act as a sender and receiver.
At the end, it ended up with a nearly complete rewrite of the tftp client and server. It has been tested against the following TFTP clients and servers:
- Itself (yay!) - The standard FreeBSD tftp client and server - The Fedora Core 6 tftp client and server - Cisco router tftp client - Extreme Networks tftp client
It supports the following RFCs:
RFC1350 - THE TFTP PROTOCOL (REVISION 2) RFC2347 - TFTP Option Extension RFC2348 - TFTP Blocksize Option RFC2349 - TFTP Timeout Interval and Transfer Size Options RFC3617 - Uniform Resource Identifier (URI) Scheme and Applicability Statement for the Trivial File Transfer Protocol (TFTP)
It supports the following unofficial TFTP Options as described at http://www.compuphase.com/tftp.htm:
blksize2 - Block size restricted to powers of 2, excluding protocol headers rollover - Block counter roll-over (roll back to zero or to one)
From the tftp program point of view the following things are changed:
- New commands: "blocksize", "blocksize2", "rollover" and "options" - Development features: "debug" and "packetdrop"
If you try this tftp/tftpd implementation, please let me know if it works (or doesn't work) and against which implementaion so I can get a list of confirmed working systems.
Author: Edwin Groothuis <edwin@FreeBSD.org>
|
#
173852 |
|
22-Nov-2007 |
edwin |
Add the -W options, which acts the same as -w but will generate unique names based on the submitted filename, a strftime(3) format string and a two digit sequence number.
By default the strftime(3) format string is %Y%m%d (YYYYMMDD), but this can be changed by the -F option.
PR: bin/106049 (based on patch in that PR) Approved by: grog@ (mentor)
|
#
146827 |
|
31-May-2005 |
maxim |
o Missed colon in getopt(3) argument makes tftpd(8) crash. Fix that.
PR: misc/81732 Submitted by: Denis Grudkin MFC after: 2 weeks
|
#
146187 |
|
13-May-2005 |
ume |
NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special for it, now.
|
#
141922 |
|
14-Feb-2005 |
stefanf |
- Use socklen_t. - No need for 'fromlen' to have file scope. - Remove an unused variable.
|
#
133862 |
|
16-Aug-2004 |
marius |
Instead of "OpenFirmware", "openfirmware", etc. use the official spelling "Open Firmware" from IEEE 1275 and OpenFirmware.org (no pun intended).
Ok'ed by: tmm
|
#
131358 |
|
30-Jun-2004 |
csjp |
The call to setuid(2) subsequently causes setgroups(2) to fail. setgroups(2) requires super-user access in order to complete successfully. Move setgroups(2) to execute before setuid(2) so that it is successful.
|
#
130839 |
|
21-Jun-2004 |
brian |
Call tzset() at startup.
Submitted by: Andrzej ToboĆ
a <ato@iem.pw.edu.pl>
|
#
130834 |
|
21-Jun-2004 |
brian |
o Reduce path names in RRQ and WRQ packets by:
Reducing "/+./" strings to "/" Reducing "/[^/]+/../" to "/"
o Don't send an OACK when the result of the [RW]RQ is an error.
These changes allow tftpd to interact with pxelinux.bin from the syslinux package.
Whilst the path reducing code doesn't properly handle situations where the path component before the "/../" is a symlink to (say) ".", I would suggest that it does the right thing in terms of the clients perception of what their path string actually represents. This seems better than using realpath() and breaking environments where symlinks point outside of the directory hierarchy that tftpd is configured to allow.
|
#
129683 |
|
24-May-2004 |
mdodd |
- Close fd if fdopen(fd) fails. - Format return () to resemble the one 5 lines up.
|
#
129680 |
|
24-May-2004 |
mdodd |
Add two new flags: -w, which allows new files to be created, and -U, which allows the umask to be set.
Obtained from: Patton Electronics, Co.
|
#
122916 |
|
20-Nov-2003 |
sobomax |
Fix a bug which causes wrong filename being written into the syslog in the case when client sends request with RFC2347 options.
Approved by: re MFC After: 2 weeks
|
#
113714 |
|
19-Apr-2003 |
billf |
properly refuse a connection in the -c case if the client ip's subdirectory does not exist.
PR: bin/38303 Submitted by: Woei-Luen, Shyu <m8535@cn.ee.ccu.edu.tw> the committed patch differs from the submitted one, any inaccuracies are mine.
|
#
112452 |
|
20-Mar-2003 |
dwmalone |
Clean up some warnings that don't result in a change in the object file: Constness, missing prototypes, non-ansi prototypes, missing initialisers, unnecessary declarations, shadowing.
Reviewed by: md5
|
#
95496 |
|
26-Apr-2002 |
ume |
Correct indent.
|
#
94443 |
|
11-Apr-2002 |
ume |
IPv6 support for tftp/tftpd.
Obtained from: KAME MFC after: 2 weeks
|
#
94299 |
|
09-Apr-2002 |
ambrisko |
Better handle the case with a network that drops packets by retrying with a back off. This was discovered when Luigi sent me code to handle this for Etherboot. The Etherboot patch worked okay but FreeBSD's tftpd had trouble handling it and would fail to transfer the file since it would abort on send and not retry.
Submitted by: luigi MFC after: 1 week
|
#
90333 |
|
07-Feb-2002 |
imp |
o __P removal o Use new-style prototypes and function definitions. o Fix timeout and justquit to have proper signatures for signal handlers. Mark the args as __unused. o remove register
|
#
86765 |
|
22-Nov-2001 |
benno |
Change the failure mode in option parsing to silently bailing out of option negotiation rather than rejecting the request.
Apple OpenFirmware 3.0f3 (the version in my iMac) adds trailing garbage to the end of an otherwise valid request. Without this change, the requests were rejected which prevented me from booting.
Reviewed by: obrien
|
#
85299 |
|
21-Oct-2001 |
obrien |
When we set our UID to `nobody', set an appropriate group also.
Submitted by: peter
|
#
84047 |
|
27-Sep-2001 |
obrien |
RFC2349 (http://www.hypermail.org/rfcs/rfc2349.html) adds support for negotiation of timeout and file size to the tftp protocol. This is required by some firmware like EFI boot managers (at least on HP i2000 Itanium servers) in order to boot an image using tftp. The attached patch implements the RFC, and in doing so also implements RFC2347; a generic tftp option extension.
PR: 30710 Submitted by: Espen Skoglund <esk@ira.uka.de>
|
#
71926 |
|
02-Feb-2001 |
asmodai |
Fix tftpd and tftp to support file transfers of over 65535 blocks (about 31 MB - 32 MB).
Submitted (partially) by: Pascal Hofstee <daeron@wit401305.student.utwente.nl>
|
#
71616 |
|
25-Jan-2001 |
billf |
Add -c/C which chroots by IP of tftp client, (i.e. /tftproot/127.0.0.1/).
|
#
65850 |
|
14-Sep-2000 |
wollman |
Allow tftpd to run as a specified user, not just `nobody'. Update documentation to reflect new option. Also fix documentation style and add missing references.
PR: 21268 Submitted by: "Aleksandr A. Babaylov" <babolo@links.ru> Reviewed by: imp
|
#
50476 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
45422 |
|
07-Apr-1999 |
brian |
Ensure that things returned by gethostname() and friends are terminated and allow for a maximum host name length of MAXHOSTNAMELEN - 1. Put parenthesis around sizeof args. Make some variables static. Fix telnetd -u (broken by my last commit)
Prompted by: bde
|
#
45393 |
|
06-Apr-1999 |
brian |
Use realhostname() rather than various combinations of gethostbyaddr() & gethostbyname().
Remove brokeness in ftpd for hosts of MAXHOSTNAMELEN length.
|
#
40765 |
|
30-Oct-1998 |
dg |
Rename a function name so that it doesn't conflict with a future system call.
|
#
35152 |
|
12-Apr-1998 |
phk |
openlog() needs to have LOG_NDELAY added, or else the syslog() calls after the chroot will not get sent to syslogd.
PR: 4910 Reviewed by: phk Submitted by: Jim Mercer <jim@komodo.reptiles.org>
|
#
31512 |
|
03-Dec-1997 |
charnier |
Use full path in synopsis. Syslog will add trailing \n.
|
#
24349 |
|
28-Mar-1997 |
imp |
compare return value from getopt against -1 rather than EOF, per the final posix standard on the topic.
|
#
24193 |
|
24-Mar-1997 |
imp |
Fix non explloitable buffer overflows (since the largest packet processed precludes it) to keep people from whining about it in the newsgroups and mailing lists.
|
#
22989 |
|
22-Feb-1997 |
peter |
Revert $FreeBSD$ to $Id$
|
#
21673 |
|
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
#
20052 |
|
30-Nov-1996 |
joerg |
Truncate the file when opening it with write intent. Otherwise, there's a good chance that garbage will remain at the end.
Closes PR # bin/2112: tftpd doesn't truncate ...
Reviewed by: fenner
|
#
18471 |
|
22-Sep-1996 |
wosch |
add forgotten $Id$
|
#
18458 |
|
22-Sep-1996 |
imp |
Reviewed by: Bill Fenner <fennder@parc.xerox.com> Reviewed by: Garrett Wollman <wollman@freebsd.org> Submitted by: Warner Losh <imp@village.org> Close PR bin/1145: Add -s flag to tftpd. This enables the so-called secure mode of tftpd where it chroots to a given directory before allowing access to the files. In addition, it runs as nobody when in this mode. Reviewed a long time ago by Bill and Garrett. Apply my patch from the pr, and close the PR.
|
#
6750 |
|
26-Feb-1995 |
jkh |
I think the security check to invalidate ALL write requests was just a little excessive, and violates the specification defined in the manpage to boot.
|
#
1593 |
|
27-May-1994 |
rgrimes |
This commit was generated by cvs2svn to compensate for changes in r1592, which included commits to RCS files with non-trunk default branches.
|
#
1592 |
|
27-May-1994 |
rgrimes |
BSD 4.4 Lite Libexec Sources
|