Page MenuHomeFreeBSD
Differential D38593

ping: Fix an unsigned integer overflow (D38470 alternate take)
AbandonedPublic
Actions

Authored by jlduran_gmail.com on Feb 14 2023, 6:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Apr 9, 6:11 AM
Unknown Object (File)
Mar 8 2024, 9:40 PM
Unknown Object (File)
Dec 24 2023, 10:38 PM
Unknown Object (File)
Dec 20 2023, 5:28 AM
Unknown Object (File)
Dec 11 2023, 1:47 AM
Unknown Object (File)
Nov 22 2023, 6:46 AM
Unknown Object (File)
Nov 14 2023, 3:42 AM
Unknown Object (File)
Nov 12 2023, 3:54 AM
View All 27 Files
Subscribers
cy
imp
Contributor Reviews (src)

Details

Reviewers
markj
Summary

The function pr_pack() prints out a packet, if the IP packet contains options, these are printed as well.
Commit 46d7b45a267b3d78c5054b210ff7b6c55bfca42b introduced an integer overflow bug, by changing hlen from int to uint8_t.
Revert this part of the code to the way it was before by creating an int type variable optslen, to be decremented instead of hlen.

Fixes: 46d7b45a267b3d78c5054b210ff7b6c55bfca42b

Test Plan

DISCLAIMER: My preferred route would be to implement D38431, however for reasons detailed in that review, we'll resort to fixing what we currently have.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Revision Contents
Changeset List

PathSize
sbin/
ping/
22 lines
tests/
243 lines

Diff 117228

View Options

sbin/ping/ping.c

Loading...
View Options

sbin/ping/tests/test_ping.py

Loading...