NetBSD-Bugs archive


Re: bin/49868: tftpd(8) doesn't play well with clients that return acknowledgements to the broadcast address



The following reply was made to PR bin/49868; it has been noted by GNATS.

From: Brian Buhrow <buhrow%via.net@localhost>
To: gnats-bugs%NetBSD.org@localhost, gnats-admin%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Cc: buhrow%nfbcal.org@localhost
Subject: Re: bin/49868: tftpd(8) doesn't play well with clients that return acknowledgements to the broadcast address
Date: Thu, 30 Apr 2015 14:40:38 -0700

 On Apr 30,  9:05pm, Christos Zoulas wrote:
 } Subject: Re: bin/49868: tftpd(8) doesn't play well with clients that retur
 } The following reply was made to PR bin/49868; it has been noted by GNATS.
 } 
 }  I agree, but I am wondering if one can fake a packet coming from a
 }  broadcast address and cause tftpd to send datagrams to the broadcast address
 }  too. If that's the case, then a warning should be added to the man page
 }  next to the option documentation. I have not really examined the code to
 }  see if that's possible though (inetd and tftpd). Otherwise I think it is
 }  fine to commit this.
 }  
 }  christos
 }  
 
 	Hello.  The only way to get the tftpd to return packets to the
 broadcast address is if inetd can be tricked into initiating a connection
 with a broadcast address.  In looking at the inetd(8) source code, it looks
 like there are checks in there to assure that this doesn't happen.  The
 change I'm making won't allow traffic to be redirected to a broadcast
 address after the fact even if a reply comes from a broadcast address
 in the middle of a session.  That's because tftpd(8) only sets the client's
 source address from the socket passed to it by inetd(8).  Once that's done,
 it doesn't change for the life of the session.
 -thanks
 -Brian
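
The peer-pinning argument in the message above, sketched in C as an added example; it is not code from this message or from the NetBSD tftpd(8) or inetd(8) sources. All names (`struct session`, `session_start`, `session_on_ack`, `is_bcast`, `mkaddr`) are hypothetical, and the start-of-session broadcast test is an assumed stand-in for whatever checks inetd(8) actually performs.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical session state: the peer is fixed once, at session start. */
struct session {
	struct sockaddr_in peer;	/* destination of every datagram sent */
	unsigned foreign_acks;		/* ACKs seen from any other source */
};

/* Build an IPv4 socket address (helper for constructed sample addresses). */
static struct sockaddr_in mkaddr(const char *ip, uint16_t port)
{
	struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
	inet_pton(AF_INET, ip, &sa.sin_addr);
	return sa;
}

/* Limited broadcast, multicast, or directed broadcast of the local subnet. */
static bool is_bcast(struct in_addr a, struct in_addr local, struct in_addr mask)
{
	uint32_t h = ntohl(a.s_addr), l = ntohl(local.s_addr), m = ntohl(mask.s_addr);
	if (h == 0xffffffffU || (h & 0xf0000000U) == 0xe0000000U)
		return true;
	return m != 0xffffffffU && (h & m) == (l & m) && (h | m) == 0xffffffffU;
}

/* Session start: refuse a broadcast/multicast initiator, otherwise pin it. */
static int session_start(struct session *s, const struct sockaddr_in *from,
    struct in_addr local, struct in_addr mask)
{
	if (is_bcast(from->sin_addr, local, mask))
		return -1;
	s->peer = *from;
	s->foreign_acks = 0;
	return 0;
}

/* Mid-session: an ACK's source is only counted, never adopted as the peer.
 * Returns the address the next DATA block goes to. */
static struct sockaddr_in session_on_ack(struct session *s,
    const struct sockaddr_in *ack_from)
{
	if (ack_from->sin_addr.s_addr != s->peer.sin_addr.s_addr ||
	    ack_from->sin_port != s->peer.sin_port)
		s->foreign_acks++;
	return s->peer;
}
```

The `foreign_acks` counter is an extra for logging or alerting on sessions that receive acknowledgements from an unexpected source; nothing in the message says tftpd(8) keeps such a count.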
 


