# /home/anton/tmp/robsd/src-tftpd-quirk.diff

Sanitize requested tftp filenames corrupted by some Intel(R) PXE
implementations.

Index: tftpd.c
===================================================================
RCS file: /cvs/src/usr.sbin/tftpd/tftpd.c,v
retrieving revision 1.43
diff -u -p -r1.43 tftpd.c
--- tftpd.c	3 Jul 2019 03:24:03 -0000	1.43
+++ tftpd.c	28 Dec 2019 10:54:17 -0000
@@ -189,6 +189,7 @@ void		tftp_wrq_end(int, short, void *);
 
 int		parse_options(struct tftp_client *, char *, size_t,
 		    struct opt_client *);
+void		sanitize_access(char *);
 int		validate_access(struct tftp_client *, const char *);
 
 struct tftp_client *
@@ -847,6 +848,7 @@ again:
 	}
 	memcpy(filename, tp->th_stuff, i);
 	filename[i] = '\0';
+	sanitize_access(filename);
 	if (first) {
 		mode = ++cp;
 		first = 0;
@@ -943,6 +945,20 @@ tftp_open(struct tftp_client *client, co
 	return;
 error:
 	nak(client, ecode);
+}
+
+/*
+ * Sanitize the requested filename. Some Intel PXE implementations
+ * unconditionally appends 0xFF to the requested filename.
+ */
+void
+sanitize_access(char *requested)
+{
+	size_t len;
+
+	len = strlen(requested);
+	if (len > 0 && (unsigned char)requested[len - 1] == 0xFF)
+		requested[len - 1] = '\0';
 }
 
 /*