Re: [PATCH] net: ping: check minimum size on ICMP header length

From: David Miller
Date: Mon Dec 05 2016 - 13:19:42 EST

Next message: Sean Paul: "Re: [PATCH 1/1] gpu: drm: qxl: fix use of uninitialized variable"
Previous message: Joe Perches: "Re: [PATCH 0/8] irda: w83977af_ir: Neatening"
In reply to: Lorenzo Colitti: "Re: [PATCH] net: ping: check minimum size on ICMP header length"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kees Cook <keescook@xxxxxxxxxxxx>
Date: Fri, 2 Dec 2016 16:58:53 -0800

> diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
> index 205e2000d395..8257be3f032c 100644
> --- a/net/ipv4/ping.c
> +++ b/net/ipv4/ping.c
> @@ -654,7 +654,7 @@ int ping_common_sendmsg(int family, struct msghdr *msg, size_t len,
> void *user_icmph, size_t icmph_len) {
> u8 type, code;
>
> - if (len > 0xFFFF)
> + if (len > 0xFFFF || len < icmph_len)
> return -EMSGSIZE;

As suggested by Lorenzo, please use -EINVAL here.

Thanks.

Next message: Sean Paul: "Re: [PATCH 1/1] gpu: drm: qxl: fix use of uninitialized variable"
Previous message: Joe Perches: "Re: [PATCH 0/8] irda: w83977af_ir: Neatening"
In reply to: Lorenzo Colitti: "Re: [PATCH] net: ping: check minimum size on ICMP header length"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]