Hi, I don't know if this has already been reported, but I noticed that the ICMPv6 Echo Request packets generated by the busybox ping6 implementation were leaking the content of the stack. Below is a patch against the current git tree.
Cheers, a+
When ENABLE_FEATURE_FANCY_PING is enabled, the versions of ping4() and ping6() do not memset() the buffer used for the packet. This results in leaks of information from the stack.
Signed-off-by: Arnaud Ebalard <[email protected]>
--- networking/ping.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/networking/ping.c b/networking/ping.c index 467b7f6..e58948c 100644 --- a/networking/ping.c +++ b/networking/ping.c @@ -564,6 +564,7 @@ static void ping4(len_and_sockaddr *lsa) char packet[datalen + MAXIPLEN + MAXICMPLEN]; int sockopt; + memset(packet, 0, sizeof(packet)); pingsock = create_icmp_socket(); pingaddr.sin = lsa->u.sin; if (source_lsa) { @@ -617,6 +618,7 @@ static void ping6(len_and_sockaddr *lsa) struct iovec iov; char control_buf[CMSG_SPACE(36)]; + memset(packet, 0, sizeof(packet)); pingsock = create_icmp6_socket(); pingaddr.sin6 = lsa->u.sin6; /* untested whether "-I addr" really works for IPv6: */ -- 1.6.5.7
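Review bot: in the ping4() hunk, the buffer being zeroed is declared as char packet[datalen + MAXIPLEN + MAXICMPLEN], a size that leaves room for an IP header and so reads like a receive buffer rather than the outgoing echo request. Please confirm that this array is the one whose bytes are actually handed to the send call; if the request is assembled in a different buffer, the memset() belongs where that buffer is allocated and filled. Either way, a one-line comment above the memset() saying it is there to keep uninitialised stack bytes out of the packet would stop a later cleanup from removing it as redundant.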
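Review bot: in the ping6() hunk, memset(packet, 0, sizeof(packet)) depends on a declaration of packet that is not in the visible context, so the size cannot be checked from the patch: if packet is a pointer here, sizeof(packet) clears only pointer-size bytes. The neighbouring declarations (struct iovec iov and char control_buf[CMSG_SPACE(36)]) look like receive-path state, which raises the same question as in ping4(): is this the buffer that goes out in the Echo Request, given that the report is about transmitted ICMPv6 packets? It would help to include the declaration line in the hunk context and to state in the commit message which buffer is transmitted and how the leak was observed.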
