K 10
svn:author
V 6
gordon
K 8
svn:date
V 27
2022-11-29T23:16:17.078593Z
K 7
svn:log
V 885
ping: Fix handling of IP packet sizes

Ping reads raw IP packets to parse ICMP responses. When reading the
IP Header Len (IHL) ping was was taking the value from the provided
packet without any validation. This could lead to remotely triggerable
stack corruption.

Validate the IHL against expected and recieved data sizes when reading
from the received packet and when reading any quoted packets from within
the ICMP response.

Approved by:	so
Reviewed by:	markj, asomers
Security:	FreeBSD-SA-22:15.ping
Security:	CVE-2022-23093
Sponsored by:   NetApp, Inc.
Sponsored by:   Klara, Inc.
X-NetApp-PR:    #77
Differential Revision: https://reviews.freebsd.org/D37195

(cherry picked from commit 46d7b45a267b3d78c5054b210ff7b6c55bfca42b)
(cherry picked from commit 94395be05c14649cfc8e98551be9b2da8535637e)

Git Hash:   e0cb8021a8e079787d8a30c0e55018a91dd9a2f3
Git Author: thj@FreeBSD.org
END