Unverified Commit 25760034 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

tftp: use the current blksize for recvfrom() 

bug: https://curl.haxx.se/docs/CVE-2019-5436.html
Reported-by: l00p3r on hackerone
CVE-2019-5436
parent 9a87fe70

lib/tftp.c

+1 −1
Original line number Diff line number Diff line
@@ -1009,7 +1009,7 @@ static CURLcode tftp_connect(struct connectdata *conn, bool *done) 
  state->sockfd = state->conn->sock[FIRSTSOCKET];

  state->state = TFTP_STATE_START;

  state->error = TFTP_ERR_NONE;

  state->blksize = TFTP_BLKSIZE_DEFAULT;

  state->blksize = blksize;

  state->requested_blksize = blksize;



  ((struct sockaddr *)&state->local_addr)->sa_family =