https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239975
--- Comment #7 from Neeraj <[email protected]> --- I have seen that the ping code is modified as compare to the last time when the issue was reported so attaching the modified patch as per the code revision 363556 Index: sbin/ping/ping.c =================================================================== --- sbin/ping/ping.c (revision 363566) +++ sbin/ping/ping.c (working copy) @@ -1066,7 +1066,7 @@ cc = ICMP_MINLEN + phdr_len + datalen; /* compute ICMP checksum here */ - icp.icmp_cksum = in_cksum(outpack, cc); + icp.icmp_cksum = in_cksum(outpack, sizeof(struct icmp), IP_MAXPACKET, cc); /* Update icmp_cksum in the raw packet data buffer. */ memcpy(outpack + offsetof(struct icmp, icmp_cksum), &icp.icmp_cksum, sizeof(icp.icmp_cksum)); @@ -1079,7 +1079,7 @@ /* Update ip_len in the raw packet data buffer. */ memcpy(outpackhdr + offsetof(struct ip, ip_len), &ip.ip_len, sizeof(ip.ip_len)); - ip.ip_sum = in_cksum(outpackhdr, cc); + ip.ip_sum = in_cksum(outpackhdr, sizeof(struct ip), IP_MAXPACKET, cc); /* Update ip_sum in the raw packet data buffer. */ memcpy(outpackhdr + offsetof(struct ip, ip_sum), &ip.ip_sum, sizeof(ip.ip_sum)); Index: sbin/ping/utils.c =================================================================== --- sbin/ping/utils.c (revision 363566) +++ sbin/ping/utils.c (working copy) @@ -55,7 +55,7 @@ * Checksum routine for Internet Protocol family headers (C Version) */ u_short -in_cksum(u_char *addr, int len) +in_cksum(u_char *addr, size_t struct_size, int ip_maxpacket, int len) { int nleft, sum; u_char *w; @@ -74,7 +74,7 @@ * sequential 16 bit words to it, and at the end, fold back all the * carry bits from the top 16 bits into the lower 16 bits. */ - while (nleft > 1) { + while ((nleft > 1) && (w < &addr[ip_maxpacket - struct_size - sizeof(u_short)])) { u_short data; memcpy(&data, w, sizeof(data)); Index: sbin/ping/utils.h =================================================================== --- sbin/ping/utils.h (revision 363566) +++ sbin/ping/utils.h (working copy) @@ -33,6 +33,6 @@ #include <sys/types.h> -u_short in_cksum(u_char *, int); +u_short in_cksum(u_char *, size_t, int, int); #endif -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "[email protected]"
