From 87f9c14ad387174033ed292389a9a2350aa73dbb Mon Sep 17 00:00:00 2001
From: Mark Johnston <markj@FreeBSD.org>
Date: Sat, 11 Jul 2020 17:10:16 +0000
Subject: [PATCH] ping(8): Check for integer truncation when handling the value
 for -s.

PR:		239976
Submitted by:	Neeraj <neerajpal09@gmail.com>
MFC after:	1 week
Event:		July 2020 Bugathon
---
 sbin/ping/ping.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c
index 011c77df816d..0b0e7a9fdd34 100644
--- a/sbin/ping/ping.c
+++ b/sbin/ping/ping.c
@@ -478,7 +478,7 @@ main(int argc, char *const *argv)
 			break;
 		case 's':		/* size of packet to send */
 			ltmp = strtol(optarg, &ep, 0);
-			if (*ep || ep == optarg || ltmp < 0)
+			if (*ep || ep == optarg || ltmp > INT_MAX || ltmp < 0)
 				errx(EX_USAGE, "invalid packet size: `%s'",
 				    optarg);
 			if (uid != 0 && ltmp > DEFDATALEN) {