tftpd: Abort on an WRQ access violation

On a WRQ (write request) tftpd checks whether the client has access permission for the file in question. If not, then the write is prevented. However, tftpd doesn't reply with an ERROR packet, nor does it abort. Instead, it tries to receive the packet anyway. The symptom is slightly different depending on the nature of the error. If the target file is nonexistent and tftpd lacks permission to create it, then tftpd will willingly receive the file, but not write it anywhere. If the file exists but is not writable, then tftpd will fail to ACK to WRQ. PR: 225996 MFC after: 3 weeks
svn path=/head/; revision=330719
2025-01-25 16:13:17 +00:00 · 2018-03-10 01:43:55 +00:00 · 2018-03-10 01:43:55 +00:00 · b7da179e96 · 2020-12-20 02:59:44 +00:00
commit b7da179e96
parent d89aca7618
2 changed files with 4 additions and 6 deletions
--- a/libexec/tftpd/tests/functional.c
+++ b/libexec/tftpd/tests/functional.c
@ -817,8 +817,6 @@ TFTPD_TC_DEFINE(wrq_eaccess,)
 	close(fd);

 	SEND_WRQ("empty.txt", "octet");
-	atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access "
-	    "violation");
 	RECV_ERROR(2, "Access violation");
 }

@ -835,8 +833,6 @@ TFTPD_TC_DEFINE(wrq_eaccess_world_readable,)
 	close(fd);

 	SEND_WRQ("empty.txt", "octet");
-	atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access "
-	    "violation");
 	RECV_ERROR(2, "Access violation");
 }

@ -911,8 +907,6 @@ TFTPD_TC_DEFINE(wrq_netascii,)
 TFTPD_TC_DEFINE(wrq_nonexistent,)
 {
 	SEND_WRQ("nonexistent.txt", "octet");
-	atf_tc_expect_fail("PR 225996 tftpd doesn't abort on a WRQ access "
-	    "violation");
 	RECV_ERROR(1, "File not found");
 }

--- a/libexec/tftpd/tftpd.c
+++ b/libexec/tftpd/tftpd.c
@ -545,6 +545,10 @@ tftp_wrq(int peer, char *recvbuffer, ssize_t size)
 			    filename, errtomsg(ecode));
 	}

+	if (ecode) {
+		send_error(peer, ecode);
+		exit(1);
+	}
 	tftp_recvfile(peer, mode);
 	exit(0);
 }