[PATCH 05/10] net: icmp: don't overrun buffer on send

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


len is the size of the ICMP echo request and the ICMP echo response will
have the exact same size, but the code erroneously, copied ETHER_HDR_SIZE
bytes worth of extra data beyond the buffer and sent that out.

Fix this by using the correct length.

Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
 net/net.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/net.c b/net/net.c
index 754a764d2a49..a9d130635417 100644
--- a/net/net.c
+++ b/net/net.c
@@ -715,9 +715,9 @@ static int ping_reply(struct eth_device *edev, unsigned char *pkt, int len)
 	if (!packet)
 		return 0;
-	memcpy(packet, pkt, ETHER_HDR_SIZE + len);
+	memcpy(packet, pkt, len);
-	ret = eth_send(edev, packet, ETHER_HDR_SIZE + len);
+	ret = eth_send(edev, packet, len);

[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux