PR/36997 CVS commit: [netbsd-7-0] src/sbin/ping

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,zafer%aydogan.de@localhost
Subject: PR/36997 CVS commit: [netbsd-7-0] src/sbin/ping
From: "Soren Jacobsen" <snj%netbsd.org@localhost>
Date: Sun, 18 Dec 2016 08:45:01 +0000 (UTC)

The following reply was made to PR bin/36997; it has been noted by GNATS.

From: "Soren Jacobsen" <snj%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/36997 CVS commit: [netbsd-7-0] src/sbin/ping
Date: Sun, 18 Dec 2016 08:40:54 +0000

 Module Name:	src
 Committed By:	snj
 Date:		Sun Dec 18 08:40:54 UTC 2016

 Modified Files:
 	src/sbin/ping [netbsd-7-0]: ping.c

 Log Message:
 Pull up following revision(s) (requested by dholland in ticket #1333):
 	sbin/ping/ping.c: revision 1.113
 PR bin/36997 Zafer Aydogan: ping doesn't validate numeric inputs enough.
 Check for values between INT_MAX and LONG_MAX (if they're different)
 when using strtol to get an int. This applies to the -c and -l options;
 the other uses were already checked.
 Also limit the inter-packet interval given with -i to values that
 don't cause integer overflow calling poll() with milliseconds.
 Really large intervals (the number is read as floating point) can
 produce positive poll() values but negative integers when converted to
 struct timespec; this produces behavior akin to using -l at first and
 could be construed as a local DoS vulnerability.

 To generate a diff of this commit:
 cvs rdiff -u -r1.107.4.1 -r1.107.4.1.2.1 src/sbin/ping/ping.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Prev by Date: Re: bin/51726: sort -n ignored if given after -k
Next by Date: Re: bin/51726: sort -n ignored if given after -k
Previous by Thread: PR/36997 CVS commit: [netbsd-7] src/sbin/ping
Next by Thread: Re: bin/50484 (script command of vi(1) is broken)
Indexes:

Home | Main Index | Thread Index | Old Index