46d7b45a26
Ping reads raw IP packets to parse ICMP responses. When reading the IP Header Len (IHL) ping was was taking the value from the provided packet without any validation. This could lead to remotely triggerable stack corruption. Validate the IHL against expected and recieved data sizes when reading from the received packet and when reading any quoted packets from within the ICMP response. Approved by: so Reviewed by: markj, asomers Security: FreeBSD-SA-22:15.ping Security: CVE-2022-23093 Sponsored by: NetApp, Inc. Sponsored by: Klara, Inc. X-NetApp-PR: #77 Differential Revision: https://reviews.freebsd.org/D37195 |
||
---|---|---|
.. | ||
tests | ||
main.c | ||
main.h | ||
Makefile | ||
Makefile.depend | ||
Makefile.depend.options | ||
ping6.c | ||
ping6.h | ||
ping.8 | ||
ping.c | ||
ping.h | ||
utils.c | ||
utils.h |