D57441.id179375.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D57441.id179375.diff
View Options

	diff --git a/sbin/ping/ping6.c b/sbin/ping/ping6.c
	--- a/sbin/ping/ping6.c
	+++ b/sbin/ping/ping6.c
	@@ -238,7 +238,7 @@
	static char *scmsg = 0;

	static cap_channel_t *capdns_setup(void);
	-static void fill(char , char );
	+static void fill(char , size_t, char );
	static int get_hoplim(struct msghdr *);
	static int get_pathmtu(struct msghdr *);
	static struct in6_pktinfo get_rcvpktinfo(struct msghdr );
	@@ -273,7 +273,8 @@
	struct sockaddr_in6 from, *sin6;
	struct addrinfo hints, *res;
	struct sigaction si_sa;
	- int cc, i;
	+ int cc;
	+ size_t i;
	int almost_done, ch, hold, packlen, preload, optval, error;
	int nig_oldmcprefix = -1;
	u_char *datap;
	@@ -483,7 +484,8 @@
	break;
	case 'p': /* fill buffer with user pattern */
	options \|= F_PINGFILLED;
	- fill((char *)datap, optarg);
	+ fill((char *)datap,
	+ sizeof(outpack) - (datap - outpack), optarg);
	break;
	case 'q':
	options \|= F_QUIET;
	@@ -761,9 +763,10 @@

	if (!(packet = (u_char *)malloc((u_int)packlen)))
	err(1, "Unable to allocate packet");
	- if (!(options & F_PINGFILLED))
	- for (i = ICMP6ECHOLEN; i < packlen; ++i)
	+ if (!(options & F_PINGFILLED)) {
	+ for (i = ICMP6ECHOLEN; i < ICMP6ECHOLEN + datalen; ++i)
	*datap++ = i;
	+ }

	ident = getpid() & 0xFFFF;
	arc4random_buf(nonce, sizeof(nonce));
	@@ -2631,7 +2634,7 @@
	}

	static void
	-fill(char bp, char patp)
	+fill(char bp, size_t bplen, char patp)
	{
	int ii, jj, kk;
	int pat[16];
	@@ -2646,13 +2649,11 @@
	&pat[7], &pat[8], &pat[9], &pat[10], &pat[11], &pat[12],
	&pat[13], &pat[14], &pat[15]);

	-/* xxx */
	- if (ii > 0)
	- for (kk = 0;
	- (size_t)kk <= MAXDATALEN - 8 + sizeof(struct tv32) + ii;
	- kk += ii)
	+ if (ii > 0) {
	+ for (kk = 0; (size_t)kk + ii <= bplen; kk += ii)
	for (jj = 0; jj < ii; ++jj)
	bp[jj + kk] = pat[jj];
	+ }
	if (!(options & F_QUIET)) {
	(void)printf("PATTERN: 0x");
	for (jj = 0; jj < ii; ++jj)

File Metadata

Mime Type: text/plain
Expires: Mon, Jun 22, 6:45 AM (4 h, 55 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 33827180
Default Alt Text: D57441.id179375.diff (1 KB)

D57441.id179375.diffNo OneTemporaryActions

D57441.id179375.diffView Options

File Metadata

Event Timeline

D57441.id179375.diff
No OneTemporary
Actions

D57441.id179375.diff
View Options