blob: 0131dedb1cdec4b3d7c0e3d0243b31646d336260 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
From 5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f Mon Sep 17 00:00:00 2001
From: Dave Wapstra <dwapstra@cisco.com>
Date: Wed, 3 Jul 2024 14:32:58 +1200
Subject: [PATCH] Add packet size check
CVE: CVE-2023-46566
Upstream-Status: Backport [https://github.com/msoulier/tftpy/commit/5b4dcbe1c8fb178e4d31b9a9e63e603b73e8fb2f]
---
tftpy/TftpPacketFactory.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/tftpy/TftpPacketFactory.py b/tftpy/TftpPacketFactory.py
index 41f39a9..a8c9cd0 100644
--- a/tftpy/TftpPacketFactory.py
+++ b/tftpy/TftpPacketFactory.py
@@ -29,6 +29,7 @@ class TftpPacketFactory(object):
"""This method is used to parse an existing datagram into its
corresponding TftpPacket object. The buffer is the raw bytes off of
the network."""
+ tftpassert(len(buffer) > 2, 'Invalid packet size')
log.debug("parsing a %d byte packet" % len(buffer))
(opcode,) = struct.unpack(str("!H"), buffer[:2])
log.debug("opcode is %d" % opcode)
--
2.40.0
|
