The tftp th_block is unsigned short, but tftp code in libstand is tracking transaction id's with struct iodesc field xid, which is long. In case of large files, the transaction id will reset to 0 but current code will miss it as it does compare short int with long int. the fix is simple: --- a/libstand/tftp.c +++ b/libstand/tftp.c @@ -200,7 +200,7 @@ recvtftp(struct tftp_handle *h, void *pkt, ssize_t len, time_t tleft, case DATA: { int got; - if (htons(t->th_block) != d->xid) { + if (htons(t->th_block) != (u_short) d->xid) { /* * Expected block? */
A commit references this bug: Author: tsoome Date: Wed Aug 31 09:23:10 UTC 2016 New revision: 305116 URL: https://svnweb.freebsd.org/changeset/base/305116 Log: recvtftp() is broken for large files, report file size The tftp download for large files will cause internal block id to wrap to 0 as the data type is unsigned short. Also provide file size information for stat. PR: 200500 Reported by: tsoome Reviewed by: allanjude Approved by: allanjude (mentor) Differential Revision: https://reviews.freebsd.org/D7660 Changes: head/lib/libstand/tftp.c
A commit references this bug: Author: kevans Date: Sat Feb 10 01:52:58 UTC 2018 New revision: 329098 URL: https://svnweb.freebsd.org/changeset/base/329098 Log: MFC libstand catch-up: r305116,306534,306538,306552,306638 r305116: recvtftp() is broken for large files, report file size r306534: cd9660_open should check for padding r306538: cstyle fix of cd9660_open in libstand r306552: Fix remaining cstyle issues in libstand/cd9660.c r306638: Fix remaining bugs in libstand/cd9660.c reported by Bruce Evans. PR: 200500 Changes: _U stable/11/ stable/11/lib/libstand/cd9660.c stable/11/lib/libstand/tftp.c