Hi,
Squid 2.5 and Squid 3
file pinger.c/pinger.cc, function pingerSendEcho()
1) I have

    // MAX_PKT_SZ=294, sizeof(pkt)=294, sizeof(struct icmphdr)=28, sizeof(icmpEchoData)=268,
    // 28+268=296 > 294!

so it is possible to have a big problem in/with xmemcpy

    if (payload) {
        if (len > MAX_PAYLOAD)
            len = MAX_PAYLOAD;
        xmemcpy(echo->payload, payload, len);
    }

Can we write beyond the pkt array and just to the icmp pointer?
It seems that we can, and the code should be corrected in some way.

2) Just look at Squid3 and a number of versions of v2.xx:
in 2.5 we have

    icmp_pktsize += sizeof(struct timeval) + sizeof(char);

In 3.0 and 2.4

    icmp_pktsize += sizeof(icmpEchoData) - MAX_PAYLOAD;

Definitely, with different structure alignment we will have different
values for icmp_pktsize in both cases, so what is right?

SY,
Evgeny Kotsuba
Received on Thu Apr 15 2004 - 17:43:51 MDT
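
The two size questions raised in the message, as an added example that is not part of the original post and is not Squid's code. The struct layout, the 8-byte timestamp stand-in, `MAX_PAYLOAD` = 256 and the names `echo_data`, `build_echo` and `worst_case` are assumptions, chosen to reproduce the sizes quoted in the post (28, 268, 294). It compares the two `icmp_pktsize` formulas against `offsetof` and copies the payload only after checking the destination size.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed constants, chosen to reproduce the sizes quoted in the post. */
#define MAX_PAYLOAD 256   /* assumption: 268 - 256 leaves 12 fixed bytes */
#define HDR_SZ      28    /* sizeof(struct icmphdr) as quoted */
#define MAX_PKT_SZ  294   /* as quoted */

struct ts32 { int32_t sec, usec; };   /* 8-byte stand-in for struct timeval */
typedef struct {                      /* hypothetical stand-in for icmpEchoData */
    struct ts32 tv;
    unsigned char opcode;
    char payload[MAX_PAYLOAD];
} echo_data;

/* Formula quoted for 2.5: sum of member sizes, no padding counted. */
size_t fixed_by_members(void) { return sizeof(struct ts32) + sizeof(char); }
/* Formula quoted for 3.0 and 2.4: also counts the struct's tail padding. */
size_t fixed_by_sizeof(void) { return sizeof(echo_data) - MAX_PAYLOAD; }
/* Where the payload really starts, whatever padding the compiler adds. */
size_t fixed_by_offsetof(void) { return offsetof(echo_data, payload); }

/* Build an echo into pkt; returns bytes used, or 0 if it would not fit. */
size_t build_echo(unsigned char *pkt, size_t pkt_sz, unsigned char opcode,
                  const char *payload, size_t len)
{
    size_t fixed = HDR_SZ + offsetof(echo_data, payload);
    if (!payload)
        len = 0;
    if (len > MAX_PAYLOAD)
        len = MAX_PAYLOAD;
    if (fixed > pkt_sz || len > pkt_sz - fixed)
        return 0;                     /* refuse instead of writing past pkt */
    memset(pkt, 0, fixed);
    pkt[HDR_SZ + offsetof(echo_data, opcode)] = opcode;
    if (len)
        memcpy(pkt + fixed, payload, len);
    return fixed + len;
}

/* Constructed worst case: a 300-byte payload into a pkt_sz-byte buffer. */
size_t worst_case(size_t pkt_sz)
{
    static unsigned char pkt[512];
    char big[300];
    memset(big, 'A', sizeof big);
    return pkt_sz <= sizeof pkt ? build_echo(pkt, pkt_sz, 1, big, sizeof big) : 0;
}
```

In this constructed layout the 296-byte sum counts 3 bytes of tail padding and the last payload byte is written at offset 292; the two formulas differ by exactly that padding (9 versus 12).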