[Midnightbsd-cvs] [MidnightBSD/src] f467f7: ping reads raw IP packets from the network to proc...

Tue Nov 29 23:20:34 EST 2022

  Branch: refs/heads/stable/3.0
  Home:   https://github.com/MidnightBSD/src
  Commit: f467f7bc9a9dd288fc19350ea88ce47d0f0ca4c6
      https://github.com/MidnightBSD/src/commit/f467f7bc9a9dd288fc19350ea88ce47d0f0ca4c6
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2022-11-29 (Tue, 29 Nov 2022)

  Changed paths:
    M sbin/ping/ping.c

  Log Message:
  -----------
  ping reads raw IP packets from the network to process responses in the
pr_pack() function.  As part of processing a response ping has to
reconstruct the IP header, the ICMP header and if present a "quoted
packet," which represents the packet that generated an ICMP error.  The
quoted packet again has an IP header and an ICMP header.

The pr_pack() copies received IP and ICMP headers into stack buffers
for further processing.  In so doing, it fails to take into account the
possible presence of IP option headers following the IP header in
either the response or the quoted packet.  When IP options are present,
pr_pack() overflows the destination buffer by up to 40 bytes.

Obtained from: FreeBSD

  Commit: e231e90b48119a8f5bfaa09e0b070e85570bc038
      https://github.com/MidnightBSD/src/commit/e231e90b48119a8f5bfaa09e0b070e85570bc038
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2022-11-29 (Tue, 29 Nov 2022)

  Changed paths:
    M crypto/heimdal/lib/asn1/gen_free.c

  Log Message:
  -----------
  fix defective security patch

Compare: https://github.com/MidnightBSD/src/compare/61be66d25d39...e231e90b4811