Page MenuHomeFreeBSD

ping: Fix an unsigned integer overflow (D38470 alternate take)
AbandonedPublic

Authored by jlduran on Feb 14 2023, 6:41 PM.
Tags
None
Referenced Files
Unknown Object (File)
Oct 3 2024, 5:20 PM
Unknown Object (File)
Oct 3 2024, 3:08 PM
Unknown Object (File)
Oct 2 2024, 1:03 PM
Unknown Object (File)
Oct 1 2024, 10:55 PM
Unknown Object (File)
Sep 29 2024, 7:49 PM
Unknown Object (File)
Sep 28 2024, 9:21 AM
Unknown Object (File)
Sep 28 2024, 2:42 AM
Unknown Object (File)
Sep 25 2024, 3:12 AM

Details

Reviewers
markj
Summary

The function pr_pack() prints out a packet, if the IP packet contains options, these are printed as well.
Commit 46d7b45a267b3d78c5054b210ff7b6c55bfca42b introduced an integer overflow bug, by changing hlen from int to uint8_t.
Revert this part of the code to the way it was before by creating an int type variable optslen, to be decremented instead of hlen.

Fixes: 46d7b45a267b3d78c5054b210ff7b6c55bfca42b

Test Plan

DISCLAIMER: My preferred route would be to implement D38431, however for reasons detailed in that review, we'll resort to fixing what we currently have.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped