author | Stuart Henderson <sthen@cvs.openbsd.org> | 2009-04-23 23:18:36 +0000 |
---|---|---|
committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2009-04-23 23:18:36 +0000 |
commit | 78f5f937495b8ab9e3ed9c6a9b27206dba783a9a (patch) | |
tree | b2dae63c2ba983846e9f26eb40cd998ae7291cde | |
parent | 3edcc165557beb5b0c91d0bd80f04a742e661e76 (diff) |
ping -v can segfault when displaying received icmp packets that aren't
echo replies. it's because the pointer arithmetic is scaled to the size
of struct icmp, so 28*28 bytes are added rather than just 28. fortunately
a correct value was calculated 2 lines earlier, so we can just use that.
"thats a cool fix" dlg, ok deraadt
-rw-r--r-- | sbin/ping/ping.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c
index edf3a67d8ac..cd1b4afa868 100644
--- a/sbin/ping/ping.c
+++ b/sbin/ping/ping.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ping.c,v 1.78 2007/02/06 15:25:18 jmc Exp $ */
+/* $OpenBSD: ping.c,v 1.79 2009/04/23 23:18:35 sthen Exp $ */
 /* $NetBSD: ping.c,v 1.20 1995/08/11 22:37:58 cgd Exp $ */
 
 /*
@@ -43,7 +43,7 @@ static const char copyright[] =
 #if 0
 static char sccsid[] = "@(#)ping.c 8.1 (Berkeley) 6/5/93";
 #else
-static const char rcsid[] = "$OpenBSD: ping.c,v 1.78 2007/02/06 15:25:18 jmc Exp $";
+static const char rcsid[] = "$OpenBSD: ping.c,v 1.79 2009/04/23 23:18:35 sthen Exp $";
 #endif
 #endif /* not lint */
 
@@ -761,8 +761,7 @@ pr_pack(char *buf, int cc, struct sockaddr_in *from)
 return;
 ip2 = (struct ip *)(buf + hlen + sizeof (struct icmp));
 hlen2 = ip2->ip_hl << 2;
- if (cc >= hlen2 + 8 && check_icmph((struct ip *)(icp +
- sizeof (struct icmp))) != 1)
+ if (cc >= hlen2 + 8 && check_icmph(ip2) != 1)
 return;
 (void)printf("%d bytes from %s: ", cc,
 pr_addr(from->sin_addr.s_addr)); |
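Review bot: In the pr_pack hunk, `hlen2 = ip2->ip_hl << 2;` reads the embedded IP header before anything visible compares `cc` with the offset `ip2` was built from, so the `cc >= hlen2 + 8` test that follows works on a length already taken from bytes that may lie past the received data. A non-echo ICMP message shorter than `sizeof (struct icmp) + sizeof (struct ip)` would have `ip_hl` read from whatever the buffer holds beyond the packet. Unless a check outside the hunk already guarantees the length, a test ahead of the dereference would close this, e.g. `if (cc < (int)(sizeof (struct icmp) + sizeof (struct ip))) return;`, adjusted for whether `cc` still counts the outer IP header at this point, which the hunk does not show. pr_pack's body starts and ends outside the hunk.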