You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by se...@apache.org on 2017/02/09 16:09:31 UTC
svn commit: r1782356 - in /commons/proper/net/trunk/src: changes/changes.xml
main/java/org/apache/commons/net/tftp/TFTPClient.java
Author: sebb
Date: Thu Feb 9 16:09:31 2017
New Revision: 1782356
URL: http://svn.apache.org/viewvc?rev=1782356&view=rev
Log:
NET-414 Apache Commons TFTP does not reject request replies that originate from a control port.
Modified:
commons/proper/net/trunk/src/changes/changes.xml
commons/proper/net/trunk/src/main/java/org/apache/commons/net/tftp/TFTPClient.java
Modified: commons/proper/net/trunk/src/changes/changes.xml
URL: http://svn.apache.org/viewvc/commons/proper/net/trunk/src/changes/changes.xml?rev=1782356&r1=1782355&r2=1782356&view=diff
==============================================================================
--- commons/proper/net/trunk/src/changes/changes.xml [utf-8] (original)
+++ commons/proper/net/trunk/src/changes/changes.xml [utf-8] Thu Feb 9 16:09:31 2017
@@ -87,6 +87,9 @@ without checking it if is a space.
The POP3Mail examples can now get password from console, stdin or an environment variable.
">
+ <action issue="NET-414" type="fix" dev="sebb" due-to="Chuck Wolber">
+ Apache Commons TFTP does not reject request replies that originate from a control port.
+ </action>
<action issue="NET-477" type="fix" dev="sebb" due-to="John Walton">
TFTP sendFile retry broken
</action>
Modified: commons/proper/net/trunk/src/main/java/org/apache/commons/net/tftp/TFTPClient.java
URL: http://svn.apache.org/viewvc/commons/proper/net/trunk/src/main/java/org/apache/commons/net/tftp/TFTPClient.java?rev=1782356&r1=1782355&r2=1782356&view=diff
==============================================================================
--- commons/proper/net/trunk/src/main/java/org/apache/commons/net/tftp/TFTPClient.java (original)
+++ commons/proper/net/trunk/src/main/java/org/apache/commons/net/tftp/TFTPClient.java Thu Feb 9 16:09:31 2017
@@ -177,6 +177,13 @@ public class TFTPClient extends TFTP
final InetAddress recdAddress = received.getAddress();
if (lastBlock == 0)
{
+ if (recdPort == port) { // must not use the control port here
+ TFTPErrorPacket error = new TFTPErrorPacket(recdAddress,
+ recdPort, TFTPErrorPacket.UNKNOWN_TID,
+ "INCORRECT SOURCE PORT");
+ bufferedSend(error);
+ throw new IOException("Incorrect source port ("+recdPort+") in request reply.");
+ }
hostPort = recdPort;
ack.setPort(hostPort);
if(!host.equals(recdAddress))
@@ -377,6 +384,13 @@ public class TFTPClient extends TFTP
// answering host address (for hosts with multiple IPs)
if (justStarted) {
justStarted = false;
+ if (recdPort == port) { // must not use the control port here
+ TFTPErrorPacket error = new TFTPErrorPacket(recdAddress,
+ recdPort, TFTPErrorPacket.UNKNOWN_TID,
+ "INCORRECT SOURCE PORT");
+ bufferedSend(error);
+ throw new IOException("Incorrect source port ("+recdPort+") in request reply.");
+ }
hostPort = recdPort;
data.setPort(hostPort);
if (!host.equals(recdAddress)) {