Commons Net
  1. Commons Net
  2. NET-412

Apache Commons TFTP implementation subject to Sorcerer's Apprentice Syndrome

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: 2.2, 3.0
    • Fix Version/s: 3.1
    • Component/s: TFTP
    • Labels:
      None
    • Environment:

      Java 6 patch 20

      Description

      This is regarding the org.apache.commons.net.tftp.TFTPClient class.

      In the sendFile() method, when a duplicate TFTP ACK is received, the "if (lastBlock == block)" section of code fails and control moves to the "else" statement. The else block checks to see if the ACK is for the previous DATA packet, and if so, sends control back to the _sendPacket label where the DATA packet is resent.

      This is in direct violation of Sorcerer's Apprentice Syndrome as defined in RFC 1123 section 4.2.3.1:

      "the sender (i.e., the side originating the DATA packets) must never resend the current DATA packet on receipt of a duplicate ACK"

      The proper else block would look something like this:

      {
          continue _receivePacket;
      }
      

      This enables the client to ignore the duplicated ACK and listen for ACK+1. If ACK+1 never comes in, the listener should timeout and attempt to resend the current data packet. As described in NET-410, the TFTP client also does not properly handle re-transmits either. It is recommended that this issue and NET-410 be implemented in tandem.

        Activity

        There are no comments yet on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            Chuck Wolber
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development