From 5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f Mon Sep 17 00:00:00 2001
From: Dave Wapstra <dwapstra@cisco.com>
Date: Wed, 3 Jul 2024 14:32:58 +1200
Subject: [PATCH] Add packet size check

CVE: CVE-2023-46566

Upstream-Status: Backport [https://github.com/msoulier/tftpy/commit/5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f]
---
 tftpy/TftpPacketFactory.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tftpy/TftpPacketFactory.py b/tftpy/TftpPacketFactory.py
index 41f39a9..a8c9cd0 100644
--- a/tftpy/TftpPacketFactory.py
+++ b/tftpy/TftpPacketFactory.py
@@ -29,6 +29,7 @@ class TftpPacketFactory(object):
         """This method is used to parse an existing datagram into its
         corresponding TftpPacket object. The buffer is the raw bytes off of
         the network."""
+        tftpassert(len(buffer) > 2, 'Invalid packet size')
         log.debug("parsing a %d byte packet" % len(buffer))
         (opcode,) = struct.unpack(str("!H"), buffer[:2])
         log.debug("opcode is %d" % opcode)
--
2.40.0