bin/45257: ping(8) prints bogus round-trip times after Year 2038

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/45257: ping(8) prints bogus round-trip times after Year 2038
From: Izumi Tsutsui <tsutsui%ceres.dti.ne.jp@localhost>
Date: Mon, 15 Aug 2011 07:55:01 +0000 (UTC)

>Number:         45257
>Category:       bin
>Synopsis:       ping(8) prints bogus round-trip times after Year 2038
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Aug 15 07:55:00 +0000 2011
>Originator:     Izumi Tsutsui
>Release:        NetBSD 5.99.55
>Organization:
>Environment:
System: NetBSD 5.99.55 (GENERIC) #246: Tue Aug  9 00:26:31 JST 2011
Architecture: m68k
Machine: hp300
but affects all ports
>Description:
ping(8) prints wrong round-trip times after year 2038
even after 64 bit time_t changes.
On BE machines it occurs after year 2038,
and on LE machines after year ~2106.

>How-To-Repeat:

# uname -prs
NetBSD 5.99.55 m68k
# date
Mon Aug 15 16:26:40 JST 2011
# ping -n -c 1 192.168.20.1
PING 192.168.20.1 (192.168.20.1): 56 data bytes
64 bytes from 192.168.20.1: icmp_seq=0 ttl=255 time=4.292 ms

----192.168.20.1 PING Statistics----
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 4.292/4.292/4.292/0.000 ms
# 
# date 203908151627.00
Mon Aug 15 16:27:00 JST 2039
# ping -n -c 1 192.168.20.1
PING 192.168.20.1 (192.168.20.1): 56 data bytes
64 bytes from 192.168.20.1: icmp_seq=0 ttl=255 time=4294967296004.156 ms

----192.168.20.1 PING Statistics----
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 
999999999000.000/4294967296004.156/4294967296004.156/0.000 ms
# 
# rdate 192.168.20.1
Mon Aug 15 16:27:03 2011
# ping -n -c 1 192.168.20.1
PING 192.168.20.1 (192.168.20.1): 56 data bytes
64 bytes from 192.168.20.1: icmp_seq=0 ttl=255 time=3.288 ms

----192.168.20.1 PING Statistics----
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.288/3.288/3.288/0.000 ms
# 


>Fix:
The problem is that ping(8) uses 32bit values (as struct tv32)
to send F_TIMING info, but ntohl() and diffsec() don't
handle signedness and width properly:

http://nxr.NetBSD.org/xref/src/sbin/ping/ping.c#993
---
                if (pingflags & F_TIMING) {
                        struct timeval tv;
                        struct tv32 tv32;

                        (void) memcpy(&tv32, icp->icmp_data, sizeof(tv32));
                        tv.tv_sec = ntohl(tv32.tv32_sec);
                        tv.tv_usec = ntohl(tv32.tv32_usec);
                        triptime = diffsec(&last_rx, &tv);
---

Note ntohl() and htonl() is no-op on BE machines
and both tv32_sec and tv.tv_sec are signed,
while on LE machines ntohl() implicitly casts its arg to unsigned.

Ryo Shimizu (ryo@) has a patch for this problem.

---

Follow-Ups:
- Re: bin/45257: ping(8) prints bogus round-trip times after Year 2038
  - From: Ryo SHIMIZU

Prev by Date: Re: toolchain/45253: amd64 libgcc_eh.a broken
Next by Date: Re: bin/45257 (ping(8) prints bogus round-trip times after Year 2038)
Previous by Thread: port-sparc/45255: GCC 4.5.3 and sparc re-triggers the NULL savefpstate IPI issue
Next by Thread: Re: bin/45257: ping(8) prints bogus round-trip times after Year 2038
Indexes:

Home | Main Index | Thread Index | Old Index