CVS commit: src/sys/arch/sandpoint/stand/altboot

To: source-changes%NetBSD.org@localhost
Subject: CVS commit: src/sys/arch/sandpoint/stand/altboot
From: "Rin Okuyama" <rin%netbsd.org@localhost>
Date: Thu, 25 Mar 2021 03:44:25 +0000

Module Name:    src
Committed By:   rin
Date:           Thu Mar 25 03:44:25 UTC 2021

Modified Files:
        src/sys/arch/sandpoint/stand/altboot: rge.c

Log Message:
Fix tftp boot with RTL8169/8110.

When sending frame shorter than 60 octets, we add trailing \0's to
payload to construct 60-octet frame.

rge.c rev 1.4--1.7 did this tail-padding on buffer provided by caller,
which results in memory corruption if buffer is shorter than 60 bytes.

Instead, allocate temporary buffer on stack, and work on it.

This bug affects tftp_getnextblock() compiled by GCC8 and later, by
which stack layout has drastically changed. However, even with GCC7,
if tftp.c is compiled with -O0, the bug becomes tangible.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/sys/arch/sandpoint/stand/altboot/rge.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: src
Next by Date: CVS commit: src/sys/dev
Previous by Thread: CVS commit: src
Next by Thread: CVS commit: src/sys/dev
Indexes:

Home | Main Index | Thread Index | Old Index