=== modified file 'tftpd/tftpd.c'
--- tftpd/tftpd.c	2008-05-16 09:56:18 +0000
+++ tftpd/tftpd.c	2008-05-16 10:09:38 +0000
@@ -340,7 +340,8 @@
 			return(EACCESS);
 		}
 	}
-	if (stat(filename, &stbuf) < 0)
+	/* stat doesn't work with mode == WRQ as file don't exist */
+	if (stat(filename, &stbuf) < 0 && mode == RRQ)
 		return (errno == ENOENT ? ENOTFOUND : EACCESS);
 #if 0
 	/*
@@ -359,14 +360,18 @@
 		return (EACCESS);
 	}
 #endif
+	/* Actually this checks are useless as we use filesystem permisions.
+	 * Thus if we can't read (RRQ) or write (WRQ) to the file, open() will
+	 * fail and set errno appropriately (ideas from debian patch).
 	if (mode == RRQ) {
 		if ((stbuf.st_mode & S_IROTH) == 0)
 			return (EACCESS);
 	} else {
 		if ((stbuf.st_mode & S_IWOTH) == 0)
 			return (EACCESS);
-	}
-	fd = open(filename, mode == RRQ ? O_RDONLY : O_WRONLY|O_TRUNC);
+	} */
+
+	fd = open(filename, mode == RRQ ? O_RDONLY : O_WRONLY|O_TRUNC|O_CREAT|O_EXCL, 0600);
 	if (fd < 0)
 		return (errno + 100);
 	file = fdopen(fd, (mode == RRQ)? "r":"w");