[PATCH] ping: fix ping request information leak
Peter Korsgaard
jacmet at uclibc.org
Tue Apr 29 10:36:41 UTC 2008
From: Peter Korsgaard <jacmet at sunsite.dk>
The ping applet doesn't clear the padding bytes on the ping request packets
in the FEATURE_FANCY_PING case, causing an information leak of stack contents.
./scripts/bloat-o-meter busybox_unstripped{,_new}
function                                             old     new   delta
sendping4                                            447     455      +8
------------------------------------------------------------------------------
(add/remove: 0/0 grow/shrink: 1/0 up/down: 8/0)                 Total: 8 bytes
Signed-off-by: Peter Korsgaard <jacmet at sunsite.dk>
---
networking/ping.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/networking/ping.c b/networking/ping.c
index 2991486..9c9403b 100644
--- a/networking/ping.c
+++ b/networking/ping.c
@@ -372,6 +372,7 @@ static void sendping4(int junk ATTRIBUTE_UNUSED)
* *after* packet. Saves one if() */
struct icmp *pkt = alloca(datalen + ICMP_MINLEN + 4);
+ memset(pkt, 0, datalen + ICMP_MINLEN + 4);
pkt->icmp_type = ICMP_ECHO;
pkt->icmp_code = 0;
pkt->icmp_cksum = 0;
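Review bot: In sendping4 the size expression `datalen + ICMP_MINLEN + 4` now appears twice, once in the alloca() call and once in the added memset(), so a later change to one and not the other would either leave part of the packet uncleared or write past the allocation. Computing the length once into a local and passing that to both calls keeps them in step. The memset also covers the extra 4 bytes that the comment above says sit after the packet; a short comment saying this is intentional would help the next reader.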
@@ -391,6 +392,7 @@ static void sendping6(int junk ATTRIBUTE_UNUSED)
{
struct icmp6_hdr *pkt = alloca(datalen + sizeof(struct icmp6_hdr) + 4);
+ memset(pkt, 0, datalen + sizeof(struct icmp6_hdr) + 4);
pkt->icmp6_type = ICMP6_ECHO_REQUEST;
pkt->icmp6_code = 0;
pkt->icmp6_cksum = 0;
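Review bot: The bloat-o-meter output in the commit message lists only sendping4 (grow/shrink: 1/0), with no row for sendping6, so it is not clear from the posting that this hunk was compiled in the measured build. Please confirm the change was built and tested with IPv6 ping enabled. As in sendping4, `datalen + sizeof(struct icmp6_hdr) + 4` is duplicated between alloca() and memset() and would be safer held in one local.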
--
1.5.4.4
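
Added example, not part of the original posting or of BusyBox: a small regression check for the class of leak the message describes. It assumes a hypothetical builder (build_echo) that writes only the 8-byte echo header, and it simulates old stack contents with a constructed 0xAA marker instead of reading uninitialized memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN  8      /* ICMP echo header: type, code, cksum, id, seq */
#define MAX_DATA 256    /* largest payload this check handles (assumption) */
#define STALE    0xAA   /* constructed marker standing in for old stack data */

/* Hypothetical builder: sets the header fields and never touches the
 * payload area, unless asked to clear the buffer first (the patch's fix). */
static void build_echo(uint8_t *pkt, size_t datalen, int clear_first)
{
    if (clear_first)
        memset(pkt, 0, HDR_LEN + datalen);
    pkt[0] = 8;                      /* type: echo request */
    pkt[1] = 0;                      /* code */
    pkt[2] = pkt[3] = 0;             /* checksum placeholder */
    pkt[4] = 0x12; pkt[5] = 0x34;    /* id (constructed) */
    pkt[6] = 0;    pkt[7] = 1;       /* sequence (constructed) */
}

/* Count bytes of the outgoing packet that still hold prior buffer contents.
 * Returns (size_t)-1 if datalen exceeds MAX_DATA. */
static size_t stale_bytes(size_t datalen, int clear_first)
{
    uint8_t buf[HDR_LEN + MAX_DATA];
    size_t i, n = 0;

    if (datalen > MAX_DATA)
        return (size_t)-1;
    memset(buf, STALE, sizeof(buf));     /* simulate a dirty stack region */
    build_echo(buf, datalen, clear_first);
    for (i = 0; i < HDR_LEN + datalen; i++)
        if (buf[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    printf("without memset: %zu stale bytes\n", stale_bytes(56, 0));
    printf("with memset:    %zu stale bytes\n", stale_bytes(56, 1));
    return 0;
}
```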