From ca2109254b4fe44dbb7c0c746ba136969ce608f4 Mon Sep 17 00:00:00 2001
From: mdodd <mdodd@FreeBSD.org>
Date: Mon, 7 Apr 2003 12:05:50 +0000
Subject: Deal with a case where the returned packed was smaller than the
 transmitted packet (because the remote host stripped off our icmp_data).

Submitted by:	 Maxim Konovalov <maxim@macomnet.ru>
---
 sbin/ping/ping.c | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

(limited to 'sbin/ping/ping.c')

diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c
index 0d41c92..1660760 100644
--- a/sbin/ping/ping.c
+++ b/sbin/ping/ping.c
@@ -955,17 +955,20 @@ pr_pack(buf, cc, from, tv)
 #endif
 			tp += phdr_len;
 
-			/* Copy to avoid alignment problems: */
-			memcpy(&tv1, tp, sizeof(tv1));
-			tvsub(tv, &tv1);
- 			triptime = ((double)tv->tv_sec) * 1000.0 +
- 			    ((double)tv->tv_usec) / 1000.0;
-			tsum += triptime;
-			tsumsq += triptime * triptime;
-			if (triptime < tmin)
-				tmin = triptime;
-			if (triptime > tmax)
-				tmax = triptime;
+			if (cc - ICMP_MINLEN - phdr_len >= sizeof(tv1)) {
+				/* Copy to avoid alignment problems: */
+				memcpy(&tv1, tp, sizeof(tv1));
+				tvsub(tv, &tv1);
+ 				triptime = ((double)tv->tv_sec) * 1000.0 +
+ 				    ((double)tv->tv_usec) / 1000.0;
+				tsum += triptime;
+				tsumsq += triptime * triptime;
+				if (triptime < tmin)
+					tmin = triptime;
+				if (triptime > tmax)
+					tmax = triptime;
+			} else
+				timing = 0;
 		}
 
 		seq = ntohs(icp->icmp_seq);
@@ -1008,7 +1011,9 @@ pr_pack(buf, cc, from, tv)
 			/* check the data */
 			cp = (u_char*)&icp->icmp_data[phdr_len];
 			dp = &outpack[MINICMPLEN + phdr_len];
-			for (i = phdr_len; i < datalen; ++i, ++cp, ++dp) {
+			cc -= ICMP_MINLEN + phdr_len;
+			for (i = phdr_len; i < datalen && cc != 0;
+			     ++i, ++cp, ++dp, cc--) {
 				if (*cp != *dp) {
 	(void)printf("\nwrong data byte #%d should be 0x%x but was 0x%x",
 	    i, *dp, *cp);
-- 
cgit v1.1