Summary: | Integer Overflow: ping(8) option "-G" and "-g", bypass the invalid sweepmax and sweepmin packet size check | |
---|---|---|---|
Product: | Base System | Reporter: | Neeraj <neerajpal09>
Component: | bin | Assignee: | Mark Johnston <markj>
Status: | Closed FIXED | |
Severity: | Affects Some People | CC: | markj, neerajpal09, secteam
Priority: | --- | Keywords: | easy, needs-qa, security
Version: | CURRENT | Flags: | koobs: mfc-stable12?, koobs: mfc-stable11?
Hardware: | Any | |
OS: | Any | |
Description
Neeraj
2019-08-19 23:06:24 UTC
Created attachment 206715: proposed patch
A commit references this bug:

Author: markj
Date: Tue Nov 24 17:12:40 UTC 2020
New revision: 367988
URL: https://svnweb.freebsd.org/changeset/base/367988

Log:
  ping(8): Improve parameter validation

  - Use strtonum(3) to simplify bounds checking of numeric parameters.
  - Fix bounds checking when filling out packet data in "sweep" mode.

  PR: 239974, 239977, 239978
  Reported by: Neeraj <neerajpal09@gmail.com>
  MFC after: 1 week
  Differential Revision: https://reviews.freebsd.org/D25622

Changes:
  head/sbin/ping/ping.c

A commit references this bug:

Author: markj
Date: Tue Dec 1 15:09:03 UTC 2020
New revision: 368231
URL: https://svnweb.freebsd.org/changeset/base/368231

Log:
  MFC r367988:
  ping(8): Improve parameter validation

  PR: 239974, 239977, 239978

Changes:
_U stable/12/
  stable/12/sbin/ping/ping.c
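
The bug class named in the summary, next to the strtonum(3)-style bounds check named in the commit log, as an added example that is not ping(8)'s source. `parse_size_weak`, `parse_size_strict`, `MAX_PAYLOAD` and the sample arguments are hypothetical, and `strtoll` stands in for strtonum(3) so the sketch builds outside FreeBSD.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed cap for this sketch: 65535 - 20 (IPv4 header) - 8 (ICMP header). */
#define MAX_PAYLOAD 65507

/* Weak pattern: parse into unsigned long, narrow to int, then range-check.
 * Returns 0 and stores the size if accepted, -1 if rejected. */
int parse_size_weak(const char *arg, int *out)
{
    char *ep;
    unsigned long ultmp = strtoul(arg, &ep, 0);

    if (ep == arg || *ep != '\0')
        return -1;
    *out = (int)ultmp;          /* high bits dropped, sign may flip */
    if (*out > MAX_PAYLOAD)     /* the check only sees the narrowed value */
        return -1;
    return 0;
}

/* Range-checked parse in the style of strtonum(3): bounds are enforced on
 * the wide value before it is narrowed. Caller keeps maxval <= INT_MAX. */
int parse_size_strict(const char *arg, long long minval, long long maxval, int *out)
{
    char *ep;
    long long v;

    errno = 0;
    v = strtoll(arg, &ep, 10);
    if (ep == arg || *ep != '\0' || errno == ERANGE || v < minval || v > maxval)
        return -1;
    *out = (int)v;
    return 0;
}

int main(void)
{
    /* Constructed inputs: in range, 2^32 + 1, negative, over the cap. */
    const char *samples[] = { "1000", "4294967297", "-1", "70000" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int w = 0, s = 0;
        int wr = parse_size_weak(samples[i], &w);
        int sr = parse_size_strict(samples[i], 0, MAX_PAYLOAD, &s);
        printf("%-12s weak=%s(%d) strict=%s\n", samples[i],
            wr == 0 ? "accept" : "reject", w, sr == 0 ? "accept" : "reject");
    }
    return 0;
}
```

The weak parser accepts the oversized and negative arguments because the comparison runs after the value has been narrowed to `int`; the strict parser rejects both.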