[PATCH] tftp fixes

[PATCH] tftp fixes

[Sascha Hauer]

Two fixes. One rather cosmetic, but the second is important for
the reliability of the tftp fs support.

Sascha

----------------------------------------------------------------
Sascha Hauer (2):
      fs tftp: Only request a block once
      fs tftp: Fix possible fifo overflow

 fs/tftp.c |   12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 1/2] fs tftp: Only request a block once

[Sascha Hauer]

tftp_send is called often. Each time, when in STATE_RDATA, a packet
is requested from the tftp server, even if we requested the same packet
already.
Stop this by tracking which packet we requested.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
---
 fs/tftp.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fs/tftp.c b/fs/tftp.c
index ae57f95..d89272e 100644
--- a/fs/tftp.c
+++ b/fs/tftp.c
@@ -80,6 +80,7 @@ struct file_priv {
 	struct kfifo *fifo;
 	void *buf;
 	int blocksize;
+	int block_requested;
 };
 
 struct tftp_priv {
@@ -152,11 +153,14 @@ static int tftp_send(struct file_priv *priv)
 		break;
 
 	case STATE_RDATA:
+		if (priv->block == priv->block_requested)
+			return 0;
 	case STATE_OACK:
 		xp = pkt;
 		s = (uint16_t *)pkt;
 		*s++ = htons(TFTP_ACK);
 		*s++ = htons(priv->block);
+		priv->block_requested = priv->block;
 		pkt = (unsigned char *)s;
 		len = pkt - xp;
 		break;
@@ -199,6 +203,7 @@ static int tftp_poll(struct file_priv *priv)
 	if (is_timeout(priv->resend_timeout, TFTP_RESEND_TIMEOUT)) {
 		printf("T ");
 		priv->resend_timeout = get_time_ns();
+		priv->block_requested = -1;
 		return TFTP_ERR_RESEND;
 	}
 
@@ -392,6 +397,7 @@ static struct file_priv *tftp_do_open(struct device_d *dev,
 	priv->err = -EINVAL;
 	priv->filename = filename;
 	priv->blocksize = TFTP_BLOCK_SIZE;
+	priv->block_requested = -1;
 
 	priv->fifo = kfifo_alloc(4096);
 	if (!priv->fifo) {
-- 
1.7.10.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH 2/2] fs tftp: Fix possible fifo overflow

[Sascha Hauer]

In tftp_read we send a request for a new packet without checking if we
have enough space in the FIFO. This can lead to a FIFO overflow and a
corrupt file. Add a check for it.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reported-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Tested-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
---
 fs/tftp.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/tftp.c b/fs/tftp.c
index d89272e..dff41e9 100644
--- a/fs/tftp.c
+++ b/fs/tftp.c
@@ -62,6 +62,7 @@
 #define STATE_DONE	8
 
 #define TFTP_BLOCK_SIZE		512	/* default TFTP block size */
+#define TFTP_FIFO_SIZE		4096
 
 #define TFTP_ERR_RESEND	1
 
@@ -399,7 +400,7 @@ static struct file_priv *tftp_do_open(struct device_d *dev,
 	priv->blocksize = TFTP_BLOCK_SIZE;
 	priv->block_requested = -1;
 
-	priv->fifo = kfifo_alloc(4096);
+	priv->fifo = kfifo_alloc(TFTP_FIFO_SIZE);
 	if (!priv->fifo) {
 		ret = -ENOMEM;
 		goto out;
@@ -558,6 +559,9 @@ static int tftp_read(struct device_d *dev, FILE *f, void *buf, size_t insize)
 			outsize += now;
 			buf += now;
 			insize -= now;
+		}
+
+		if (TFTP_FIFO_SIZE - kfifo_len(priv->fifo) >= priv->blocksize) {
 			tftp_send(priv);
 			tftp_timer_reset(priv);
 		}
-- 
1.7.10.4


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox