FreeBSD Bugzilla – Attachment 206715 Details for
Bug 239977
Integer Overflow: ping(8) option "-G" and "-g", bypass the invalid sweepmax and sweepmin packet size check
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed patch
ping.c.patch (text/plain), 859 bytes, created by
Neeraj
on 2019-08-19 23:07:23 UTC
(
hide
)
Description:
proposed patch
Filename:
MIME Type:
Creator:
Neeraj
Created:
2019-08-19 23:07:23 UTC
Size:
859 bytes
patch
obsolete
>Index: sbin/ping/ping.c >=================================================================== >--- sbin/ping/ping.c (revision 351236) >+++ sbin/ping/ping.c (working copy) >@@ -337,7 +337,7 @@ > break; > case 'G': /* Maximum packet size for ping sweep */ > ltmp = strtol(optarg, &ep, 0); >- if (*ep || ep == optarg || ltmp <= 0) >+ if (*ep || ep == optarg || ltmp > (long)INT_MAX || ltmp <= 0) > errx(EX_USAGE, "invalid packet size: `%s'", > optarg); > if (uid != 0 && ltmp > DEFDATALEN) { >@@ -351,7 +351,7 @@ > break; > case 'g': /* Minimum packet size for ping sweep */ > ltmp = strtol(optarg, &ep, 0); >- if (*ep || ep == optarg || ltmp <= 0) >+ if (*ep || ep == optarg || ltmp > (long)INT_MAX || ltmp <= 0) > errx(EX_USAGE, "invalid packet size: `%s'", > optarg); > if (uid != 0 && ltmp > DEFDATALEN) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=206715">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 239977
: 206715