Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751636AbcLEDgL (ORCPT ); Sun, 4 Dec 2016 22:36:11 -0500 Received: from mail-io0-f175.google.com ([209.85.223.175]:36318 "EHLO mail-io0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751120AbcLEDgJ (ORCPT ); Sun, 4 Dec 2016 22:36:09 -0500 MIME-Version: 1.0 In-Reply-To: <20161203005853.GA117599@beast> References: <20161203005853.GA117599@beast> From: Lorenzo Colitti Date: Mon, 5 Dec 2016 12:35:47 +0900 Message-ID: Subject: Re: [PATCH] net: ping: check minimum size on ICMP header length To: Kees Cook Cc: "David S. Miller" , "netdev@vger.kernel.org" , Min Chong , Qidan He , Alexey Kuznetsov , James Morris , Hideaki YOSHIFUJI , Patrick McHardy , lkml Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 356 Lines: 8 On Sat, Dec 3, 2016 at 9:58 AM, Kees Cook wrote: > - if (len > 0xFFFF) > + if (len > 0xFFFF || len < icmph_len) > return -EMSGSIZE; EMSGSIZE usually means the message is too long. Maybe use EINVAL? That's what the code will return if the passed-in ICMP header is invalid (e.g., is not an echo request).