authorStuart Henderson <sthen@cvs.openbsd.org>2009-04-23 23:18:36 +0000
committerStuart Henderson <sthen@cvs.openbsd.org>2009-04-23 23:18:36 +0000
commit78f5f937495b8ab9e3ed9c6a9b27206dba783a9a (patch)
treeb2dae63c2ba983846e9f26eb40cd998ae7291cde
parent3edcc165557beb5b0c91d0bd80f04a742e661e76 (diff)
ping -v can segfault when displaying received icmp packets that aren't
echo replies. it's because the pointer arithmetic is scaled to the size of struct icmp, so 28*28 bytes are added rather than just 28. fortunately a correct value was calculated 2 lines earlier, so we can just use that. "thats a cool fix" dlg, ok deraadt
-rw-r--r--sbin/ping/ping.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c
index edf3a67d8ac..cd1b4afa868 100644
--- a/sbin/ping/ping.c
+++ b/sbin/ping/ping.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ping.c,v 1.78 2007/02/06 15:25:18 jmc Exp $ */
+/* $OpenBSD: ping.c,v 1.79 2009/04/23 23:18:35 sthen Exp $ */
/* $NetBSD: ping.c,v 1.20 1995/08/11 22:37:58 cgd Exp $ */
/*
@@ -43,7 +43,7 @@ static const char copyright[] =
#if 0
static char sccsid[] = "@(#)ping.c 8.1 (Berkeley) 6/5/93";
#else
-static const char rcsid[] = "$OpenBSD: ping.c,v 1.78 2007/02/06 15:25:18 jmc Exp $";
+static const char rcsid[] = "$OpenBSD: ping.c,v 1.79 2009/04/23 23:18:35 sthen Exp $";
#endif
#endif /* not lint */
@@ -761,8 +761,7 @@ pr_pack(char *buf, int cc, struct sockaddr_in *from)
return;
ip2 = (struct ip *)(buf + hlen + sizeof (struct icmp));
hlen2 = ip2->ip_hl << 2;
- if (cc >= hlen2 + 8 && check_icmph((struct ip *)(icp +
- sizeof (struct icmp))) != 1)
+ if (cc >= hlen2 + 8 && check_icmph(ip2) != 1)
return;
(void)printf("%d bytes from %s: ", cc,
pr_addr(from->sin_addr.s_addr));
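Review bot: `hlen2 = ip2->ip_hl << 2;` still reads through `ip2` before any visible check that the received data reaches that far: the guard `cc >= hlen2 + 8` compares `cc` only with the embedded header length and ignores the `hlen + sizeof (struct icmp)` offset at which `ip2` sits. The packet contents come from the network, so a short non-echo-reply message could leave `ip2` (and whatever `check_icmph(ip2)` reads through it) pointing past the bytes actually received. Unless the `return` above the hunk already guarantees the length, I would bound before the `ip2 =` assignment, e.g. `if (cc < (int)(sizeof (struct icmp) + sizeof (struct ip))) return;`, adjusted for whether `cc` still includes the outer IP header at this point. Note also that when `cc < hlen2 + 8` the condition is false and the code falls through to the `printf` instead of returning, so undersized packets skip `check_icmph` entirely; if that is intended, a one-line comment would help. pr_pack starts and ends outside the hunk, so both points need checking against the full function.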