Page MenuHomeFreeBSD
Differential D57441

ping6: fix outpack overflow in pattern fill loop
ClosedPublic
Actions

Authored by oshogbo on Thu, Jun 4, 3:00 PM.
Tags
None
Referenced Files
F160086222: D57441.id179375.diff
Sun, Jun 21, 6:45 AM
F160086201: D57441.id179375.diff
Sun, Jun 21, 6:45 AM
Unknown Object (File)
Sat, Jun 20, 5:50 PM
Unknown Object (File)
Thu, Jun 18, 11:01 PM
Unknown Object (File)
Thu, Jun 18, 8:04 PM
Unknown Object (File)
Thu, Jun 18, 7:41 PM
Unknown Object (File)
Thu, Jun 18, 7:22 PM
Unknown Object (File)
Thu, Jun 18, 7:20 PM
View All 25 Files
Subscribers
des
imp
jhb

Details

Reviewers
markj
des
Group Reviewers
secteam
Commits
rGe15be258bbf2: ping6: fix outpack overflow in pattern fill loop
Summary

The fill loop was bounded by packlen, which is sized for the receive
buffer (datalen + IP6LEN + ICMP6ECHOLEN + EXTRA), not for outpack.
With large datalen the loop wrote past outpack[MAXPACKETLEN].

Bound it to the actual data area in outpack instead.

Reported by: Oculytic

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

oshogbo created this revision.Thu, Jun 4, 3:00 PM
oshogbo held this revision as a draft.
Herald added a subscriber: imp. · View Herald TranscriptThu, Jun 4, 3:00 PM
Harbormaster completed remote builds in B73669: Diff 179213.Thu, Jun 4, 3:00 PM
oshogbo published this revision for review.Thu, Jun 4, 3:01 PM
oshogbo changed the visibility from "Public (No Login Required)" to "secteam (Project)".
oshogbo changed the edit policy from "All Users" to "secteam (Project)".
oshogbo added a reviewer: markj.
oshogbo added a reviewer: secteam.
markj accepted this revision as: markj.Thu, Jun 4, 4:29 PM

There is a ton of cleanup that could be done in this file. We should also ensure that casper services are created after ping drops its privileges...

sbin/ping/ping6.c
767
This revision is now accepted and ready to land.Thu, Jun 4, 4:29 PM
emaste added a subscriber: jhb.Fri, Jun 5, 3:11 PM
des requested changes to this revision.Fri, Jun 5, 3:13 PM
des added a subscriber: des.
des added inline comments.
sbin/ping/ping6.c
241

should take a size

766

braces please

767
This revision now requires changes to proceed.Fri, Jun 5, 3:13 PM
oshogbo updated this revision to Diff 179375.Mon, Jun 8, 7:24 AM

Address review from des

Harbormaster completed remote builds in B73735: Diff 179375.Mon, Jun 8, 7:24 AM
des added a comment.Mon, Jun 8, 12:04 PM
In D57441#1317373, @oshogbo wrote:

Address review from des

You skipped the most important part. The filling loop is still incorrect.

oshogbo updated this revision to Diff 179547.Wed, Jun 10, 8:32 AM
oshogbo marked 3 inline comments as done.

Fix the loop.

Yes you were right, sorry about that.

Harbormaster completed remote builds in B73792: Diff 179547.Wed, Jun 10, 8:32 AM
des accepted this revision.Wed, Jun 10, 5:10 PM
This revision is now accepted and ready to land.Wed, Jun 10, 5:10 PM
markj accepted this revision.Fri, Jun 12, 12:16 AM
oshogbo changed the visibility from "secteam (Project)" to "Public (No Login Required)".Tue, Jun 16, 5:04 PM
Closed by commit rGe15be258bbf2: ping6: fix outpack overflow in pattern fill loop (authored by oshogbo). · Explain WhyTue, Jun 16, 5:08 PM
This revision was automatically updated to reflect the committed changes.
oshogbo added a commit: rGe15be258bbf2: ping6: fix outpack overflow in pattern fill loop.

Revision Contents
Changeset List

PathSize
sbin/
ping/
20 lines

Diff 179879

View Options

sbin/ping/ping6.c

Loading...