tftpd: Immediately reject any request shorter than 4 bytes.

MFC after:	1 week
Sponsored by:	Klara, Inc.
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D44957

libexec/tftpd/tests/functional.c

@@ -1219,6 +1219,22 @@ TFTPD_TC_DEFINE(wrq_window_rfc7440,)
 	require_bufeq(contents, sizeof(contents), buffer, (size_t)r);
 }
 
+/*
+ * Send less than four bytes
+ */
+TFTPD_TC_DEFINE(short_packet1, /* no head */, exitcode = 1)
+{
+	SEND_STR("\1");
+}
+TFTPD_TC_DEFINE(short_packet2, /* no head */, exitcode = 1)
+{
+	SEND_STR("\1\2");
+}
+TFTPD_TC_DEFINE(short_packet3, /* no head */, exitcode = 1)
+{
+	SEND_STR("\1\2\3");
+}
+
 
 /*
  * Main
@@ -1256,6 +1272,9 @@ ATF_TP_ADD_TCS(tp)
 	TFTPD_TC_ADD(tp, wrq_small);
 	TFTPD_TC_ADD(tp, wrq_truncate);
 	TFTPD_TC_ADD(tp, wrq_window_rfc7440);
+	TFTPD_TC_ADD(tp, short_packet1);
+	TFTPD_TC_ADD(tp, short_packet2);
+	TFTPD_TC_ADD(tp, short_packet3);
 
 	return (atf_no_error());
 }

libexec/tftpd/tftpd.c

@@ -228,6 +228,11 @@ main(int argc, char *argv[])
 	}
 	getnameinfo((struct sockaddr *)&peer_sock, peer_sock.ss_len,
 	    peername, sizeof(peername), NULL, 0, NI_NUMERICHOST);
+	if ((size_t)n < 4 /* tftphdr */) {
+		tftp_log(LOG_ERR, "Rejecting %zd-byte request from %s",
+		    n, peername);
+		exit(1);
+	}
 
 	/*
 	 * Now that we have read the message out of the UDP