ICMP: Check that incoming ICMP echo requests are large enough

Otherwise, just ignore them.
author: Andreas Kling <kling@serenityos.org> 2020-10-20 17:53:11 +0200
committer: Andreas Kling <kling@serenityos.org> 2020-10-20 18:10:10 +0200
commit: ce6ef543377504646b626b045dd9204b939eb04e (patch)
tree: c0b9fb20134cef9ec38aa0082ed501d3edbfe012 /Kernel
parent: 0af2795662f1640dbda80500a4c9f7200af01a15 (diff)
download: serenity-ce6ef543377504646b626b045dd9204b939eb04e.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/Kernel/Net/NetworkTask.cpp b/Kernel/Net/NetworkTask.cpp
index 913ad877c2..69fb48f5ec 100644
--- a/Kernel/Net/NetworkTask.cpp
+++ b/Kernel/Net/NetworkTask.cpp
@@ -276,6 +276,10 @@ void handle_icmp(const EthernetFrameHeader& eth, const IPv4Packet& ipv4_packet,
         auto& request = reinterpret_cast<const ICMPEchoPacket&>(icmp_header);
         klog() << "handle_icmp: EchoRequest from " << ipv4_packet.source().to_string().characters() << ": id=" << (u16)request.identifier << ", seq=" << (u16)request.sequence_number;
         size_t icmp_packet_size = ipv4_packet.payload_size();
+        if (icmp_packet_size < sizeof(ICMPEchoPacket)) {
+            klog() << "handle_icmp: EchoRequest packet is too small, ignoring.";
+            return;
+        }
         auto buffer = ByteBuffer::create_zeroed(icmp_packet_size);
         auto& response = *(ICMPEchoPacket*)buffer.data();
         response.header.set_type(ICMPType::EchoReply);
author	Andreas Kling <kling@serenityos.org>	2020-10-20 17:53:11 +0200
committer	Andreas Kling <kling@serenityos.org>	2020-10-20 18:10:10 +0200
commit	ce6ef543377504646b626b045dd9204b939eb04e (patch)
tree	c0b9fb20134cef9ec38aa0082ed501d3edbfe012 /Kernel
parent	0af2795662f1640dbda80500a4c9f7200af01a15 (diff)
download	serenity-ce6ef543377504646b626b045dd9204b939eb04e.zip