[commons-sandbox-net] Re: [devel-netcomponents] Patch for TFTP to ignore remote address

["Daniel F. Savarese" <df...@savarese.org>]

In message <ac...@eGroups.com>, "yschimke" writes:
>I've uploaded a tar file containing the modified TFTPClient.java file 
>and some junit test cases.  Since I don't have apache commit rights, 
>could someone take on the duty of validating my changes and 
>committing them.

Patches should go to commons-dev, but that hasn't yet been advertised
on the old NetComponents site.  In any case, I disagree with the
proposed patch.  It is implicit in RFC 789 that a TFTP transfer
is a conversation between two hosts.  If a third host interjects
itself into the conversation, that is clearly an error.  In my opinion,
the correct way to deal with the problem you've encountered is to
retrieve the source IP address from the first server reply and validate
against that instead of the server IP address originally used by the
client to initiate the conversation.  Patch attached.  If I am wrong
and this does not address your problem, then I would have to agree with
the looser restriction in your patch.

Unrelated comment from generating patch that should be ignored: the
source is well-nigh unreadable with the new formatting (I tried to
conform to it).  I barely recognized the code.  So it goes.  

daniel