From 549e0da06f2d68ddc890665f5d46e599e3377730 Mon Sep 17 00:00:00 2001
From: "Joseph C. Lehner" <joseph.c.lehner@gmail.com>
Date: Tue, 10 Jan 2017 20:16:09 +0100
Subject: [PATCH] Don't accept any blksize

---
 tftp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tftp.c b/tftp.c
index f5ad35a..a110238 100644
--- a/tftp.c
+++ b/tftp.c
@@ -30,7 +30,7 @@
 #define O_BINARY 0
 #endif
 
-#define TFTP_PKT_SIZE 516
+#define TFTP_BLKSIZE 1456
 
 static const char *opcode_names[] = {
 	"RRQ", "WRQ", "DATA", "ACK", "ERR", "OACK"
@@ -374,7 +374,7 @@ int tftp_put(struct nmrpd_args *args)
 	/* Not really, but this way the loop sends our WRQ before receiving */
 	timeout = 1;
 
-	pkt_mkwrq(tx, file_remote, 1456);
+	pkt_mkwrq(tx, file_remote, TFTP_BLKSIZE);
 
 	while (!g_interrupted) {
 		ackblock = -1;
@@ -387,7 +387,7 @@ int tftp_put(struct nmrpd_args *args)
 				ackblock = 0;
 				if ((val = pkt_optval(rx, "blksize"))) {
 					blksize = strtol(val, &end, 10);
-					if (!blksize || (*end != '\0')) {
+					if (*end != '\0' || blksize < 8 || blksize > TFTP_BLKSIZE) {
 						fprintf(stderr, "Error: invalid blksize in OACK: %s\n", val);
 						ret = -1;
 						goto cleanup;
-- 
2.25.1