CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Tom Jones <thj@FreeBSD.org>
	Thu, 17 Nov 2022 10:31:38 +0000 (10:31 +0000)
committer	Gordon Tetlow <gordon@FreeBSD.org>
	Tue, 29 Nov 2022 22:51:50 +0000 (14:51 -0800)
commit	46d7b45a267b3d78c5054b210ff7b6c55bfca42b
tree	78716d754eedc3657ba8f279fba29b0f11efb588	tree \| snapshot
parent	a6d40b0ad2c51e16a8c99750d5ed6f9aea2be7d4	commit \| diff

ping: Fix handling of IP packet sizes

Ping reads raw IP packets to parse ICMP responses. When reading the
IP Header Len (IHL) ping was was taking the value from the provided
packet without any validation. This could lead to remotely triggerable
stack corruption.

Validate the IHL against expected and recieved data sizes when reading
from the received packet and when reading any quoted packets from within
the ICMP response.

Approved by: so
Reviewed by: markj, asomers
Security: FreeBSD-SA-22:15.ping
Security: CVE-2022-23093
Sponsored by:   NetApp, Inc.
Sponsored by:   Klara, Inc.
X-NetApp-PR:    #77
Differential Revision: https://reviews.freebsd.org/D37195