Check for minimum length of request

author: Reiner Herrmann <reiner@reiner-h.de> 2019-09-15 14:37:31 +0200
committer: Reiner Herrmann <reiner@reiner-h.de> 2019-09-15 14:37:31 +0200
commit: b8d25fdb7bf38fcfb6ae65820e59fc157cf028c7 (patch)
tree: 835c00461a82e96a4418b332807cd04e65551861 /src
parent: 16c6dd8f7116271508974d8acf04da1f1bf0afc9 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/tftpd.rs b/src/tftpd.rs
index 102063d..6513367 100644
--- a/src/tftpd.rs
+++ b/src/tftpd.rs
@@ -181,6 +181,11 @@ impl Tftpd {
         socket.set_read_timeout(Some(Duration::from_secs(5)))?;
         socket.connect(cl)?;
 
+        if buf.len() < 2 {
+            self.tftp.send_error(&socket, 0, "Invalid request length")?;
+            return Err(io::Error::new(io::ErrorKind::Other, "invalid request length"));
+        }
+
         match u16::from_be_bytes([buf[0], buf[1]]) {  // opcode
             o if o == rtftp::Opcode::RRQ as u16 => {
                 if self.conf.wo {
author	Reiner Herrmann <reiner@reiner-h.de>	2019-09-15 14:37:31 +0200
committer	Reiner Herrmann <reiner@reiner-h.de>	2019-09-15 14:37:31 +0200
commit	b8d25fdb7bf38fcfb6ae65820e59fc157cf028c7 (patch)
tree	835c00461a82e96a4418b332807cd04e65551861 /src
parent	16c6dd8f7116271508974d8acf04da1f1bf0afc9 (diff)