From j@ida.interface-business.de  Wed Nov 27 04:46:06 1996
Received: from innocence.interface-business.de (innocence.interface-business.de [193.101.57.202])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id EAA17651
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 27 Nov 1996 04:45:51 -0800 (PST)
Received: from ida.interface-business.de (ida.interface-business.de [193.101.57.203]) by innocence.interface-business.de (8.6.11/8.6.9) with SMTP id NAA21268; Wed, 27 Nov 1996 13:43:39 +0100
Received: (from j@localhost) by ida.interface-business.de (8.8.2/8.7.3) id NAA25326; Wed, 27 Nov 1996 13:48:45 +0100 (MET)
Message-Id: <199611271248.NAA25326@ida.interface-business.de>
Date: Wed, 27 Nov 1996 13:48:45 +0100 (MET)
From: J Wunsch <j@ida.interface-business.de>
Reply-To: j@ida.interface-business.de
To: FreeBSD-gnats-submit@freebsd.org
Cc: hl@interface-business.de
Subject: tftpd doesn't truncate old file when writing
X-Send-Pr-Version: 3.2

>Number:         2112
>Category:       bin
>Synopsis:       tftpd doesn't truncate old file when writing
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 27 04:50:01 PST 1996
>Closed-Date:    Sat Nov 30 21:59:45 MET 1996
>Last-Modified:  Sat Nov 30 22:00:21 MET 1996
>Originator:     J Wunsch
>Release:        FreeBSD 2.2-CURRENT i386
>Organization:
>Environment:

All versions of tftpd(8), beginning with 4.2BSD.

>Description:

When opening a file for writing, tftpd doesn't truncate the file
first.  So if the new file is shorter than the old one, it will yield
garbage at the end.  (...where tftpd requires that the file already
exists, and is world-writable in this case.)

>How-To-Repeat:

tftp a new file over an old one.

>Fix:

Does somebody see any problems with the following?
	
Index: tftpd/tftpd.c
===================================================================
RCS file: /home/ncvs/src/libexec/tftpd/tftpd.c,v
retrieving revision 1.4
diff -u -r1.4 tftpd.c
--- tftpd.c	1996/09/22 21:56:07	1.4
+++ tftpd.c	1996/11/27 12:36:47
@@ -435,7 +435,7 @@
 			return (err);
 		*filep = filename = pathname;
 	}
-	fd = open(filename, mode == RRQ ? 0 : 1);
+	fd = open(filename, mode == RRQ ? O_RDONLY : O_WRONLY|O_TRUNC);
 	if (fd < 0)
 		return (errno + 100);
 	file = fdopen(fd, (mode == RRQ)? "r":"w");


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->freebsd-bugs 
Responsible-Changed-By: fenner 
Responsible-Changed-When: Wed Nov 27 13:36:35 PST 1996 
Responsible-Changed-Why:  
Refiled from gnats-admin 

From: Bill Fenner <fenner@parc.xerox.com>
To: fenner@parc.xerox.com, joerg_wunsch@uriah.heep.sax.de
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: pending/2112
Date: Sat, 30 Nov 1996 09:43:45 PST

 >Hmm, so now, do you think the suggested patch is OK? ;-)
 
 I can't see any reason not to have it.  RFC783 is relatively
 silent on the subject, but "replacing the file in place" is
 a much more intuitive operation than "replacing the first
 N bytes of the file and leaving the rest there".
 
   Bill
State-Changed-From-To: open->closed 
State-Changed-By: joerg 
State-Changed-When: Sat Nov 30 21:59:45 MET 1996 
State-Changed-Why:  
Suggested fix applied in rev 1.5 of tftpd.c. 

>Unformatted:
