]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 669ef76) | patch
ping: Fix handling of IP packet sizes
authorTom Jones <thj@FreeBSD.org>
Thu, 17 Nov 2022 10:31:38 +0000 (10:31 +0000)
committerGordon Tetlow <gordon@FreeBSD.org>
Tue, 29 Nov 2022 22:56:33 +0000 (14:56 -0800)
commit186f495d4be12a9184d2b11183c55b27b879765f
treef689236fe726887556917256d37f00e557dd26betree | snapshot
parent669ef76f855a5cd78bb904b1474f150386901a42commit | diff
ping: Fix handling of IP packet sizes

Ping reads raw IP packets to parse ICMP responses. When reading the
IP Header Len (IHL) ping was was taking the value from the provided
packet without any validation. This could lead to remotely triggerable
stack corruption.

Validate the IHL against expected and recieved data sizes when reading
from the received packet and when reading any quoted packets from within
the ICMP response.

Approved by: so
Reviewed by: markj, asomers
Security: FreeBSD-SA-22:15.ping
Security: CVE-2022-23093
Sponsored by:   NetApp, Inc.
Sponsored by:   Klara, Inc.
X-NetApp-PR:    #77
Differential Revision: https://reviews.freebsd.org/D37195

(cherry picked from commit 46d7b45a267b3d78c5054b210ff7b6c55bfca42b)
sbin/ping/ping.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.