From owner-svn-src-all@freebsd.org Sat Dec 8 00:28:29 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BD0DA13266E8; Sat, 8 Dec 2018 00:28:28 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 60E277FECF; Sat, 8 Dec 2018 00:28:28 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 41DCC1A75F; Sat, 8 Dec 2018 00:28:28 +0000 (UTC) (envelope-from eugen@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wB80SSQk020985; Sat, 8 Dec 2018 00:28:28 GMT (envelope-from eugen@FreeBSD.org) Received: (from eugen@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wB80SSJM020984; Sat, 8 Dec 2018 00:28:28 GMT (envelope-from eugen@FreeBSD.org) Message-Id: <201812080028.wB80SSJM020984@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: eugen set sender to eugen@FreeBSD.org using -f From: Eugene Grosbein Date: Sat, 8 Dec 2018 00:28:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r341713 - stable/12/sbin/ping X-SVN-Group: stable-12 X-SVN-Commit-Author: eugen X-SVN-Commit-Paths: stable/12/sbin/ping X-SVN-Commit-Revision: 341713 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 60E277FECF X-Spamd-Result: default: False [-2.95 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.997,0]; NEURAL_HAM_SHORT(-0.96)[-0.962,0]; NEURAL_HAM_LONG(-0.99)[-0.990,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Dec 2018 00:28:29 -0000 Author: eugen Date: Sat Dec 8 00:28:27 2018 New Revision: 341713 URL: https://svnweb.freebsd.org/changeset/base/341713 Log: MFC r340245: ping(8): improve diagnostics in case of wrong arguments. For example, in case of super-user: $ sudo ping -s -64 127.0.0.1 PING 127.0.0.1 (127.0.0.1): -64 data bytes ping: sendto: Invalid argument For unprivileged user: $ ping -s -64 127.0.0.1 ping: packet size too large: 18446744073709551552 > 56: Operation not permitted Fix this by switching from strtoul() to strtol() for integer arguments and adding explicit checks for negative values. Modified: stable/12/sbin/ping/ping.c Directory Properties: stable/12/ (props changed) Modified: stable/12/sbin/ping/ping.c ============================================================================== --- stable/12/sbin/ping/ping.c Fri Dec 7 23:07:51 2018 (r341712) +++ stable/12/sbin/ping/ping.c Sat Dec 8 00:28:27 2018 (r341713) @@ -242,7 +242,8 @@ main(int argc, char *const *argv) #endif struct sockaddr_in *to; double t; - u_long alarmtimeout, ultmp; + u_long alarmtimeout; + long ltmp; int almost_done, ch, df, hold, i, icmp_len, mib[4], preload; int ssend_errno, srecv_errno, tos, ttl; char ctrl[CMSG_SPACE(sizeof(struct timeval))]; @@ -311,12 +312,12 @@ main(int argc, char *const *argv) options |= F_AUDIBLE; break; case 'c': - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg || ultmp > LONG_MAX || !ultmp) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp > LONG_MAX || ltmp <=0) errx(EX_USAGE, "invalid count of packets to transmit: `%s'", optarg); - npackets = ultmp; + npackets = ltmp; break; case 'D': options |= F_HDRINCL; @@ -334,46 +335,46 @@ main(int argc, char *const *argv) setbuf(stdout, (char *)NULL); break; case 'G': /* Maximum packet size for ping sweep */ - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp <= 0) errx(EX_USAGE, "invalid packet size: `%s'", optarg); - if (uid != 0 && ultmp > DEFDATALEN) { + if (uid != 0 && ltmp > DEFDATALEN) { errno = EPERM; err(EX_NOPERM, - "packet size too large: %lu > %u", - ultmp, DEFDATALEN); + "packet size too large: %ld > %u", + ltmp, DEFDATALEN); } options |= F_SWEEP; - sweepmax = ultmp; + sweepmax = ltmp; break; case 'g': /* Minimum packet size for ping sweep */ - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp <= 0) errx(EX_USAGE, "invalid packet size: `%s'", optarg); - if (uid != 0 && ultmp > DEFDATALEN) { + if (uid != 0 && ltmp > DEFDATALEN) { errno = EPERM; err(EX_NOPERM, - "packet size too large: %lu > %u", - ultmp, DEFDATALEN); + "packet size too large: %ld > %u", + ltmp, DEFDATALEN); } options |= F_SWEEP; - sweepmin = ultmp; + sweepmin = ltmp; break; case 'h': /* Packet size increment for ping sweep */ - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg || ultmp < 1) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp < 1) errx(EX_USAGE, "invalid increment size: `%s'", optarg); - if (uid != 0 && ultmp > DEFDATALEN) { + if (uid != 0 && ltmp > DEFDATALEN) { errno = EPERM; err(EX_NOPERM, - "packet size too large: %lu > %u", - ultmp, DEFDATALEN); + "packet size too large: %ld > %u", + ltmp, DEFDATALEN); } options |= F_SWEEP; - sweepincr = ultmp; + sweepincr = ltmp; break; case 'I': /* multicast interface */ if (inet_aton(optarg, &ifaddr) == 0) @@ -399,15 +400,15 @@ main(int argc, char *const *argv) loop = 0; break; case 'l': - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg || ultmp > INT_MAX) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp > INT_MAX || ltmp < 0) errx(EX_USAGE, "invalid preload value: `%s'", optarg); if (uid) { errno = EPERM; err(EX_NOPERM, "-l flag"); } - preload = ultmp; + preload = ltmp; break; case 'M': switch(optarg[0]) { @@ -425,10 +426,10 @@ main(int argc, char *const *argv) } break; case 'm': /* TTL */ - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg || ultmp > MAXTTL) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp > MAXTTL || ltmp < 0) errx(EX_USAGE, "invalid TTL: `%s'", optarg); - ttl = ultmp; + ttl = ltmp; options |= F_TTL; break; case 'n': @@ -470,24 +471,24 @@ main(int argc, char *const *argv) source = optarg; break; case 's': /* size of packet to send */ - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp < 0) errx(EX_USAGE, "invalid packet size: `%s'", optarg); - if (uid != 0 && ultmp > DEFDATALEN) { + if (uid != 0 && ltmp > DEFDATALEN) { errno = EPERM; err(EX_NOPERM, - "packet size too large: %lu > %u", - ultmp, DEFDATALEN); + "packet size too large: %ld > %u", + ltmp, DEFDATALEN); } - datalen = ultmp; + datalen = ltmp; break; case 'T': /* multicast TTL */ - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg || ultmp > MAXTTL) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp > MAXTTL || ltmp < 0) errx(EX_USAGE, "invalid multicast TTL: `%s'", optarg); - mttl = ultmp; + mttl = ltmp; options |= F_MTTL; break; case 't': @@ -513,10 +514,10 @@ main(int argc, char *const *argv) break; case 'z': options |= F_HDRINCL; - ultmp = strtoul(optarg, &ep, 0); - if (*ep || ep == optarg || ultmp > MAXTOS) + ltmp = strtol(optarg, &ep, 0); + if (*ep || ep == optarg || ltmp > MAXTOS || ltmp < 0) errx(EX_USAGE, "invalid TOS: `%s'", optarg); - tos = ultmp; + tos = ltmp; break; default: usage();