]> git.ipfire.org Git - thirdparty/curl.git/commit
projects / thirdparty / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 82f3ba3) | patch
tftp: Alloc maximum blksize, and use default unless OACK is received
authorThomas Vegas <>
Sat, 31 Aug 2019 15:30:51 +0000 (17:30 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Mon, 9 Sep 2019 06:14:34 +0000 (08:14 +0200)
commitfacb0e4662415b5f28163e853dc6742ac5fafb3d
tree5ecad0420a09cb3ca331b2d9a5199c983c85db15tree
parent82f3ba3806a34fe94dcf9e5c9b88deda6679ca1bcommit | diff
tftp: Alloc maximum blksize, and use default unless OACK is received

Fixes potential buffer overflow from 'recvfrom()', should the server
return an OACK without blksize.

Bug: https://curl.haxx.se/docs/CVE-2019-5482.html
CVE-2019-5482
lib/tftp.c diff | blob | blame | history
Mirror of https://github.com/curl/curl.git