Page MenuHomeFreeBSD
Differential D38593

ping: Fix an unsigned integer overflow (D38470 alternate take)
AbandonedPublic
Actions

Authored by jlduran on Feb 14 2023, 6:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Oct 15, 3:04 AM
Unknown Object (File)
Wed, Oct 8, 6:15 AM
Unknown Object (File)
Aug 16 2025, 9:15 AM
Unknown Object (File)
Aug 14 2025, 10:18 PM
Unknown Object (File)
Jul 29 2025, 11:25 AM
Unknown Object (File)
Jul 28 2025, 9:24 PM
Unknown Object (File)
Jul 28 2025, 5:29 PM
Unknown Object (File)
Jul 2 2025, 8:58 PM
View All 74 Files
Subscribers
cy
imp
Contributor Reviews (src)

Details

Reviewers
markj
Summary

The function pr_pack() prints out a packet, if the IP packet contains options, these are printed as well.
Commit 46d7b45a267b3d78c5054b210ff7b6c55bfca42b introduced an integer overflow bug, by changing hlen from int to uint8_t.
Revert this part of the code to the way it was before by creating an int type variable optslen, to be decremented instead of hlen.

Fixes: 46d7b45a267b3d78c5054b210ff7b6c55bfca42b

Test Plan

DISCLAIMER: My preferred route would be to implement D38431, however for reasons detailed in that review, we'll resort to fixing what we currently have.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Revision Contents
Changeset List

PathSize
sbin/
ping/
22 lines
tests/
243 lines

Diff 117228

View Options

sbin/ping/ping.c

Loading...
View Options

sbin/ping/tests/test_ping.py

Loading...