summaryrefslogtreecommitdiff
path: root/net/tftp.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/tftp.c')
-rw-r--r--net/tftp.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/net/tftp.c b/net/tftp.c
index fb2f50564..5ee767646 100644
--- a/net/tftp.c
+++ b/net/tftp.c
@@ -276,8 +276,12 @@ TftpHandler (uchar * pkt, unsigned dest, unsigned src, unsigned len)
#endif
TftpState = STATE_OACK;
TftpServerPort = src;
- /* Check for 'blksize' option */
- for (i=0;i<len-8;i++) {
+ /*
+ * Check for 'blksize' option.
+ * Careful: "i" is signed, "len" is unsigned, thus
+ * something like "len-8" may give a *huge* number
+ */
+ for (i=0; i+8<len; i++) {
if (strcmp ((char*)pkt+i,"blksize") == 0) {
TftpBlkSize = (unsigned short)
simple_strtoul((char*)pkt+i+8,NULL,10);
generated by cgit v1.2.3-70-g09d2 (git 2.51.2) at 2025-10-31 09:01:20 +0000