Subject: bin/19842: Bug in tftp nak()
To: None <gnats-bugs@gnats.netbsd.org>
From: Brian Ginsbach <ginsbach@cray.com>
List: netbsd-bugs
Date: 01/13/2003 15:47:52
>Number:         19842
>Category:       bin
>Synopsis:       Bug in tftp nak() causes warning even if sendto() succeeds
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 13 13:48:01 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Brian Ginsbach
>Release:        NetBSD 1.5.x, 1.6
>Organization:
Cray Inc.
>Environment:
System: NetBSD nbtest.cray.com 1.5.3 NetBSD 1.5.3 (NBTEST) #2: Fri Sep 6 15:37:51 CDT 2002 ginsbach@nbtest.cray.com:/usr/src/sys/arch/i386/compile/NBTEST i386
>Description:
	tftp will always warn about an error in nak when called.  The
	following code is incorrect in both 1.6 (tftp.c:1.15) and 1.5.x
	(tftp.c:1.11.4.1).

        length = strlen(tp->th_msg);
        msglen = &tp->th_msg[length + 1] - ackbuf;
	...
        if (sendto(f, ackbuf, msglen, 0, peer, peer->sa_len) != length)
                warn("nak");

	It is not possible for msglen to equal length so it will always
	appear that sendto() failed.  This causes the following warning:

	tftp: nak: Undefined error: 0

>How-To-Repeat:
	Get tftp to fail in either sendfile() or recvfile() and
	see that the above "error" is always displayed.  Problem
	originally discovered by inspection.  sendto() returns the
	number of characters written and msglen is not the same as
	length.  The test was not changed when the len argument to
	sendto() was changed from length to msglen (rev. 1.13).

>Fix:
Index: tftp.c
===================================================================
RCS file: /cvsroot/src/usr.bin/tftp/tftp.c,v
retrieving revision 1.15
diff -u -r1.15 tftp.c
--- tftp.c      2000/12/30 18:00:18     1.15
+++ tftp.c      2003/01/13 21:42:24
@@ -402,7 +402,7 @@
        msglen = &tp->th_msg[length + 1] - ackbuf;
        if (trace)
                tpacket("sent", tp, (int)msglen);
-       if (sendto(f, ackbuf, msglen, 0, peer, peer->sa_len) != length)
+       if (sendto(f, ackbuf, msglen, 0, peer, peer->sa_len) != msglen)
                warn("nak");
 }

>Release-Note:
>Audit-Trail:
>Unformatted: