FreeBSD Bugzilla – Attachment 206716 Details for
Bug 239978
Integer Overflow: ping(8) option "-h", bypass the invalid sweepincr packet size check
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed patch
ping.c.patch (text/plain), 517 bytes, created by
Neeraj
on 2019-08-19 23:10:24 UTC
(
hide
)
Description:
proposed patch
Filename:
MIME Type:
Creator:
Neeraj
Created:
2019-08-19 23:10:24 UTC
Size:
517 bytes
patch
obsolete
>Index: sbin/ping/ping.c >=================================================================== >--- sbin/ping/ping.c (revision 351236) >+++ sbin/ping/ping.c (working copy) >@@ -365,7 +365,7 @@ > break; > case 'h': /* Packet size increment for ping sweep */ > ltmp = strtol(optarg, &ep, 0); >- if (*ep || ep == optarg || ltmp < 1) >+ if (*ep || ep == optarg || ltmp > (long)INT_MAX || ltmp < 1) > errx(EX_USAGE, "invalid increment size: `%s'", > optarg); > if (uid != 0 && ltmp > DEFDATALEN) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=206716">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 239978
: 206716