|
|
994c6b |
From 61ed3913790901f2ad4973de60b373150fde01e0 Mon Sep 17 00:00:00 2001
|
|
|
994c6b |
From: Jan Synacek <jsynacek@redhat.com>
|
|
|
994c6b |
Date: Wed, 20 Apr 2016 09:51:12 +0200
|
|
|
994c6b |
Subject: [PATCH] ping: do not allow oversized packets to root
|
|
|
994c6b |
|
|
|
994c6b |
The code later fails anyways (as the original comment suggests), which
|
|
|
994c6b |
results in a weird recvmsg() loop that times out eventually.
|
|
|
994c6b |
|
|
|
994c6b |
Reproducer:
|
|
|
994c6b |
|
|
|
994c6b |
./ping -c 1 -s 65530 127.0.0.1
|
|
|
994c6b |
---
|
|
|
994c6b |
ping.c | 10 ++--------
|
|
|
994c6b |
1 file changed, 2 insertions(+), 8 deletions(-)
|
|
|
994c6b |
|
|
|
994c6b |
diff --git a/ping.c b/ping.c
|
|
|
994c6b |
index f435fe2..ea37c4f 100644
|
|
|
994c6b |
--- a/ping.c
|
|
|
994c6b |
+++ b/ping.c
|
|
|
994c6b |
@@ -80,8 +80,6 @@ ping_func_set_st ping4_func_set = {
|
|
|
994c6b |
#define NROUTES 9 /* number of record route slots */
|
|
|
994c6b |
#define TOS_MAX 255 /* 8-bit TOS field */
|
|
|
994c6b |
|
|
|
994c6b |
-static const int max_ping4_packet = 0x10000;
|
|
|
994c6b |
-
|
|
|
994c6b |
static int ts_type;
|
|
|
994c6b |
static int nroute = 0;
|
|
|
994c6b |
static __u32 route[10];
|
|
|
994c6b |
@@ -806,12 +804,8 @@ int ping4_run(int argc, char **argv, struct addrinfo *ai, socket_st *sock)
|
|
|
994c6b |
}
|
|
|
994c6b |
|
|
|
994c6b |
if (datalen > 0xFFFF - 8 - optlen - 20) {
|
|
|
994c6b |
- if (uid || datalen > max_ping4_packet-8 || datalen > MAXPACKET-8) {
|
|
|
994c6b |
- fprintf(stderr, "Error: packet size %d is too large. Maximum is %d\n", datalen, 0xFFFF-8-20-optlen);
|
|
|
994c6b |
- exit(2);
|
|
|
994c6b |
- }
|
|
|
994c6b |
- /* Allow small oversize to root yet. It will cause EMSGSIZE. */
|
|
|
994c6b |
- fprintf(stderr, "WARNING: packet size %d is too large. Maximum is %d\n", datalen, 0xFFFF-8-20-optlen);
|
|
|
994c6b |
+ fprintf(stderr, "Error: packet size %d is too large. Maximum is %d\n", datalen, 0xFFFF-8-20-optlen);
|
|
|
994c6b |
+ exit(2);
|
|
|
994c6b |
}
|
|
|
994c6b |
|
|
|
994c6b |
if (datalen >= sizeof(struct timeval)) /* can we time transfer */
|
|
|
994c6b |
--
|
|
|
994c6b |
2.7.4
|
|
|
994c6b |
|