WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Unverified Commit 25760034 authored May 03, 2019 by Daniel Stenberg

tftp: use the current blksize for recvfrom()

bug: https://curl.haxx.se/docs/CVE-2019-5436.html
Reported-by: l00p3r on hackerone
CVE-2019-5436

parent 9a87fe70

lib/tftp.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1009,7 +1009,7 @@ static CURLcode tftp_connect(struct connectdata conn, bool done)
		state->sockfd = state->conn->sock[FIRSTSOCKET];
		state->state = TFTP_STATE_START;
		state->error = TFTP_ERR_NONE;
		state->blksize = TFTP_BLKSIZE_DEFAULT;
		state->blksize = blksize;
		state->requested_blksize = blksize;

		((struct sockaddr *)&state->local_addr)->sa_family =

Admin message