ping: do not leak data from stack; shrink

FANCY ping: function old new delta common_ping_main 386 1732 +1346 sendping6 98 83 -15 sendping4 188 158 -30 ping4 575 - -575 ping6 756 - -756 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 1/2 up/down: 1346/-1376) Total: -30 bytes !FANCY ping: function old new delta hostname 4 - -4 common_ping_main 566 499 -67 Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
2024-08-20 19:29:02 +00:00 · 2010-03-03 01:10:29 +01:00 · 2010-03-03 01:10:29 +01:00 · 9341fd2d30
commit 9341fd2d30
parent 5749328b56
1 changed files with 57 additions and 47 deletions
--- a/networking/ping.c
+++ b/networking/ping.c
@ -43,13 +43,12 @@ enum {
 	DEFDATALEN = 56,
 	MAXIPLEN = 60,
 	MAXICMPLEN = 76,
-	MAXPACKET = 65468,
 	MAX_DUP_CHK = (8 * 128),
 	MAXWAIT = 10,
 	PINGINTERVAL = 1, /* 1 second */
 };

-/* common routines */
+/* Common routines */

 static int in_cksum(unsigned short *buf, int sz)
 {
@ -76,40 +75,41 @@ static int in_cksum(unsigned short *buf, int sz)

 #if !ENABLE_FEATURE_FANCY_PING

-/* simple version */
+/* Simple version */

-static char *hostname;
+struct globals {
+	char *hostname;
+	char packet[DEFDATALEN + MAXIPLEN + MAXICMPLEN];
+} FIX_ALIASING;
+#define G (*(struct globals*)&bb_common_bufsiz1)
+#define INIT_G() do { } while (0)

 static void noresp(int ign UNUSED_PARAM)
 {
-	printf("No response from %s\n", hostname);
+	printf("No response from %s\n", G.hostname);
 	exit(EXIT_FAILURE);
 }

 static void ping4(len_and_sockaddr *lsa)
 {
-	struct sockaddr_in pingaddr;
 	struct icmp *pkt;
 	int pingsock, c;
-	char packet[DEFDATALEN + MAXIPLEN + MAXICMPLEN];

 	pingsock = create_icmp_socket();
-	pingaddr = lsa->u.sin;

-	pkt = (struct icmp *) packet;
-	memset(pkt, 0, sizeof(packet));
+	pkt = (struct icmp *) G.packet;
+	memset(pkt, 0, sizeof(G.packet));
 	pkt->icmp_type = ICMP_ECHO;
-	pkt->icmp_cksum = in_cksum((unsigned short *) pkt, sizeof(packet));
+	pkt->icmp_cksum = in_cksum((unsigned short *) pkt, sizeof(G.packet));

-	c = xsendto(pingsock, packet, DEFDATALEN + ICMP_MINLEN,
-			   (struct sockaddr *) &pingaddr, sizeof(pingaddr));
+	xsendto(pingsock, G.packet, DEFDATALEN + ICMP_MINLEN, &lsa->u.sa, lsa->len);

 	/* listen for replies */
 	while (1) {
 		struct sockaddr_in from;
 		socklen_t fromlen = sizeof(from);

-		c = recvfrom(pingsock, packet, sizeof(packet), 0,
+		c = recvfrom(pingsock, G.packet, sizeof(G.packet), 0,
 				(struct sockaddr *) &from, &fromlen);
 		if (c < 0) {
 			if (errno != EINTR)
@ -117,9 +117,9 @@ static void ping4(len_and_sockaddr *lsa)
 			continue;
 		}
 		if (c >= 76) {			/* ip + icmp */
-			struct iphdr *iphdr = (struct iphdr *) packet;
+			struct iphdr *iphdr = (struct iphdr *) G.packet;

-			pkt = (struct icmp *) (packet + (iphdr->ihl << 2));	/* skip ip hdr */
+			pkt = (struct icmp *) (G.packet + (iphdr->ihl << 2));	/* skip ip hdr */
 			if (pkt->icmp_type == ICMP_ECHOREPLY)
 				break;
 		}
@ -131,31 +131,27 @@ static void ping4(len_and_sockaddr *lsa)
 #if ENABLE_PING6
 static void ping6(len_and_sockaddr *lsa)
 {
-	struct sockaddr_in6 pingaddr;
 	struct icmp6_hdr *pkt;
 	int pingsock, c;
 	int sockopt;
-	char packet[DEFDATALEN + MAXIPLEN + MAXICMPLEN];

 	pingsock = create_icmp6_socket();
-	pingaddr = lsa->u.sin6;

-	pkt = (struct icmp6_hdr *) packet;
-	memset(pkt, 0, sizeof(packet));
+	pkt = (struct icmp6_hdr *) G.packet;
+	memset(pkt, 0, sizeof(G.packet));
 	pkt->icmp6_type = ICMP6_ECHO_REQUEST;

 	sockopt = offsetof(struct icmp6_hdr, icmp6_cksum);
 	setsockopt(pingsock, SOL_RAW, IPV6_CHECKSUM, &sockopt, sizeof(sockopt));

-	c = xsendto(pingsock, packet, DEFDATALEN + sizeof (struct icmp6_hdr),
-			   (struct sockaddr *) &pingaddr, sizeof(pingaddr));
+	xsendto(pingsock, G.packet, DEFDATALEN + sizeof(struct icmp6_hdr), &lsa->u.sa, lsa->len);

 	/* listen for replies */
 	while (1) {
 		struct sockaddr_in6 from;
 		socklen_t fromlen = sizeof(from);

-		c = recvfrom(pingsock, packet, sizeof(packet), 0,
+		c = recvfrom(pingsock, G.packet, sizeof(G.packet), 0,
 				(struct sockaddr *) &from, &fromlen);
 		if (c < 0) {
 			if (errno != EINTR)
@ -163,7 +159,7 @@ static void ping6(len_and_sockaddr *lsa)
 			continue;
 		}
 		if (c >= ICMP_MINLEN) {			/* icmp6_hdr */
-			pkt = (struct icmp6_hdr *) packet;
+			pkt = (struct icmp6_hdr *) G.packet;
 			if (pkt->icmp6_type == ICMP6_ECHO_REPLY)
 				break;
 		}
@ -180,6 +176,8 @@ static int common_ping_main(sa_family_t af, char **argv)
 {
 	len_and_sockaddr *lsa;

+	INIT_G();
+
 #if ENABLE_PING6
 	while ((++argv)[0] && argv[0][0] == '-') {
 		if (argv[0][1] == '4') {
@ -196,14 +194,14 @@ static int common_ping_main(sa_family_t af, char **argv)
 	argv++;
 #endif

-	hostname = *argv;
-	if (!hostname)
+	G.hostname = *argv;
+	if (!G.hostname)
 		bb_show_usage();

 #if ENABLE_PING6
-	lsa = xhost_and_af2sockaddr(hostname, 0, af);
+	lsa = xhost_and_af2sockaddr(G.hostname, 0, af);
 #else
-	lsa = xhost_and_af2sockaddr(hostname, 0, AF_INET);
+	lsa = xhost_and_af2sockaddr(G.hostname, 0, AF_INET);
 #endif
 	/* Set timer _after_ DNS resolution */
 	signal(SIGALRM, noresp);
@ -215,7 +213,7 @@ static int common_ping_main(sa_family_t af, char **argv)
 	else
 #endif
 		ping4(lsa);
-	printf("%s is alive!\n", hostname);
+	printf("%s is alive!\n", G.hostname);
 	return EXIT_SUCCESS;
 }

@ -223,7 +221,7 @@ static int common_ping_main(sa_family_t af, char **argv)
 #else /* FEATURE_FANCY_PING */


-/* full(er) version */
+/* Full(er) version */

 #define OPT_STRING ("qvc:s:w:W:I:4" IF_PING6("6"))
 enum {
@ -253,6 +251,9 @@ struct globals {
 	unsigned deadline;
 	unsigned timeout;
 	unsigned total_secs;
+	unsigned sizeof_rcv_packet;
+	char *rcv_packet; /* [datalen + MAXIPLEN + MAXICMPLEN] */
+	void *snd_packet; /* [datalen + ipv4/ipv6_const] */
 	const char *hostname;
 	const char *dotted;
 	union {
@ -370,19 +371,20 @@ static void sendping_tail(void (*sp)(int), const void *pkt, int size_pkt)

 static void sendping4(int junk UNUSED_PARAM)
 {
-	/* +4 reserves a place for timestamp, which may end up sitting
-	 * *after* packet. Saves one if() */
-	struct icmp *pkt = alloca(datalen + ICMP_MINLEN + 4);
+	struct icmp *pkt = G.snd_packet;

-	memset(pkt, 0, datalen + ICMP_MINLEN + 4);
+	//memset(pkt, 0, datalen + ICMP_MINLEN + 4); - G.snd_packet was xzalloced
 	pkt->icmp_type = ICMP_ECHO;
 	/*pkt->icmp_code = 0;*/
-	/*pkt->icmp_cksum = 0;*/
+	pkt->icmp_cksum = 0; /* cksum is calculated with this field set to 0 */
 	pkt->icmp_seq = htons(ntransmitted); /* don't ++ here, it can be a macro */
 	pkt->icmp_id = myid;

-	/* We don't do hton, because we will read it back on the same machine */
+	/* If datalen < 4, we store timestamp _past_ the packet,
+	 * but it's ok - we allocated 4 extra bytes in xzalloc() just in case.
+	 */
 	/*if (datalen >= 4)*/
+		/* No hton: we'll read it back on the same machine */
 		*(uint32_t*)&pkt->icmp_dun = monotonic_us();

 	pkt->icmp_cksum = in_cksum((unsigned short *) pkt, datalen + ICMP_MINLEN);
@ -394,7 +396,7 @@ static void sendping6(int junk UNUSED_PARAM)
 {
 	struct icmp6_hdr *pkt = alloca(datalen + sizeof(struct icmp6_hdr) + 4);

-	memset(pkt, 0, datalen + sizeof(struct icmp6_hdr) + 4);
+	//memset(pkt, 0, datalen + sizeof(struct icmp6_hdr) + 4);
 	pkt->icmp6_type = ICMP6_ECHO_REQUEST;
 	/*pkt->icmp6_code = 0;*/
 	/*pkt->icmp6_cksum = 0;*/
@ -404,6 +406,8 @@ static void sendping6(int junk UNUSED_PARAM)
 	/*if (datalen >= 4)*/
 		*(uint32_t*)(&pkt->icmp6_data8[4]) = monotonic_us();

+	//TODO? pkt->icmp_cksum = in_cksum(...);
+
 	sendping_tail(sendping6, pkt, datalen + sizeof(struct icmp6_hdr));
 }
 #endif
@ -561,7 +565,6 @@ static void unpack6(char *packet, int sz, /*struct sockaddr_in6 *from,*/ int hop

 static void ping4(len_and_sockaddr *lsa)
 {
-	char packet[datalen + MAXIPLEN + MAXICMPLEN];
 	int sockopt;

 	pingsock = create_icmp_socket();
@ -594,14 +597,14 @@ static void ping4(len_and_sockaddr *lsa)
 		socklen_t fromlen = (socklen_t) sizeof(from);
 		int c;

-		c = recvfrom(pingsock, packet, sizeof(packet), 0,
+		c = recvfrom(pingsock, G.rcv_packet, G.sizeof_rcv_packet, 0,
 				(struct sockaddr *) &from, &fromlen);
 		if (c < 0) {
 			if (errno != EINTR)
 				bb_perror_msg("recvfrom");
 			continue;
 		}
-		unpack4(packet, c, &from);
+		unpack4(G.rcv_packet, c, &from);
 		if (pingcount && nreceived >= pingcount)
 			break;
 	}
@ -610,7 +613,6 @@ static void ping4(len_and_sockaddr *lsa)
 extern int BUG_bad_offsetof_icmp6_cksum(void);
 static void ping6(len_and_sockaddr *lsa)
 {
-	char packet[datalen + MAXIPLEN + MAXICMPLEN];
 	int sockopt;
 	struct msghdr msg;
 	struct sockaddr_in6 from;
@ -670,8 +672,8 @@ static void ping6(len_and_sockaddr *lsa)
 	msg.msg_iov = &iov;
 	msg.msg_iovlen = 1;
 	msg.msg_control = control_buf;
-	iov.iov_base = packet;
-	iov.iov_len = sizeof(packet);
+	iov.iov_base = G.rcv_packet;
+	iov.iov_len = G.sizeof_rcv_packet;
 	while (1) {
 		int c;
 		struct cmsghdr *mp;
@ -694,7 +696,7 @@ static void ping6(len_and_sockaddr *lsa)
 				move_from_unaligned_int(hoplimit, CMSG_DATA(mp));
 			}
 		}
-		unpack6(packet, c, /*&from,*/ hoplimit);
+		unpack6(G.rcv_packet, c, /*&from,*/ hoplimit);
 		if (pingcount && nreceived >= pingcount)
 			break;
 	}
@ -710,12 +712,20 @@ static void ping(len_and_sockaddr *lsa)
 	}
 	printf(": %d data bytes\n", datalen);

+	G.sizeof_rcv_packet = datalen + MAXIPLEN + MAXICMPLEN;
+	G.rcv_packet = xzalloc(G.sizeof_rcv_packet);
 #if ENABLE_PING6
-	if (lsa->u.sa.sa_family == AF_INET6)
+	if (lsa->u.sa.sa_family == AF_INET6) {
+		/* +4 reserves a place for timestamp, which may end up sitting
+		 * _after_ packet. Saves one if() - see sendping4/6() */
+		G.snd_packet = xzalloc(datalen + sizeof(struct icmp6_hdr) + 4);
 		ping6(lsa);
-	else
+	} else
 #endif
+	{
+		G.snd_packet = xzalloc(datalen + ICMP_MINLEN + 4);
 		ping4(lsa);
+	}
 }

 static int common_ping_main(int opt, char **argv)