Re: [PATCH] net: ping: check minimum size on ICMP header length
From: Lorenzo Colitti
Date: Sun Dec 04 2016 - 22:36:14 EST
On Sat, Dec 3, 2016 at 9:58 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> - if (len > 0xFFFF)
> + if (len > 0xFFFF || len < icmph_len)
> return -EMSGSIZE;
EMSGSIZE usually means the message is too long. Maybe use EINVAL?
That's what the code will return if the passed-in ICMP header is
invalid (e.g., is not an echo request).