Abort on error from ping's sendto(2) call

Instead of trying to continue sending echo packets in vain.

Closes: #323165

3 files changed, 96 insertions, 0 deletions

diff --git a/debian/changelog b/debian/changelog
index 8b5e977..6288311 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ inetutils (2:1.8-6) UNRELEASED; urgency=high
   * Fix buffer overflow in telnetd allowing remote attackers to execute
     arbitrary code via a long encryption key. Patch taken from FreeBSD.
     CVE-2011-4862
+  * Abort on error from ping's sendto(2) call, instead of trying to continue
+    sending echo packets in vain. (Closes: #323165)
 
  -- Guillem Jover <guillem@debian.org>  Wed, 28 Dec 2011 02:25:37 +0100
 
diff --git a/debian/patches/30_ping-Abort-on-sendto-error.patch b/debian/patches/30_ping-Abort-on-sendto-error.patch
new file mode 100644
index 0000000..af1d54b
--- /dev/null
+++ b/debian/patches/30_ping-Abort-on-sendto-error.patch
@@ -0,0 +1,93 @@
+From 8920f43f1957ac1f94850af19905896e19cbc8d3 Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@hadrons.org>
+Date: Tue, 27 Dec 2011 23:44:05 +0100
+Subject: [PATCH] ping: Abort on sendto () error
+
+* ping/libping.c (ping_xmit): Return -1 instead of calling perror () on
+sendto () error.
+* ping/ping6.c (ping_xmit): Likewise.
+(send_echo): Error out instead of continuing sending packets.
+* ping/ping.c (send_echo): Likewise.
+---
+ ping/libping.c |    2 +-
+ ping/ping.c    |    8 +++++++-
+ ping/ping6.c   |   10 ++++++++--
+ 3 files changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/ping/libping.c b/ping/libping.c
+index 99b5cd5..6e6f415 100644
+--- a/ping/libping.c
++++ b/ping/libping.c
+@@ -144,7 +144,7 @@ ping_xmit (PING * p)
+   i = sendto (p->ping_fd, (char *) p->ping_buffer, buflen, 0,
+ 	      (struct sockaddr *) &p->ping_dest.ping_sockaddr, sizeof (struct sockaddr_in));
+   if (i < 0)
+-    perror ("ping: sendto");
++    return -1;
+   else
+     {
+       p->ping_num_xmit++;
+diff --git a/ping/ping.c b/ping/ping.c
+index b90ebec..db77f46 100644
+--- a/ping/ping.c
++++ b/ping/ping.c
+@@ -425,6 +425,7 @@ int
+ send_echo (PING * ping)
+ {
+   int off = 0;
++  int rc;
+ 
+   if (PING_TIMING (data_length))
+     {
+@@ -437,7 +438,12 @@ send_echo (PING * ping)
+     ping_set_data (ping, data_buffer, off,
+ 		   data_length > PING_HEADER_LEN ?
+ 		   data_length - PING_HEADER_LEN : data_length, USE_IPV6);
+-  return ping_xmit (ping);
++
++  rc = ping_xmit (ping);
++  if (rc < 0)
++    error (EXIT_FAILURE, errno, "sending packet");
++
++  return rc;
+ }
+ 
+ int
+diff --git a/ping/ping6.c b/ping/ping6.c
+index 6bb7618..a7425f4 100644
+--- a/ping/ping6.c
++++ b/ping/ping6.c
+@@ -381,6 +381,7 @@ static int
+ send_echo (PING * ping)
+ {
+   int off = 0;
++  int rc;
+ 
+   if (PING_TIMING (data_length))
+     {
+@@ -393,7 +394,12 @@ send_echo (PING * ping)
+     ping_set_data (ping, data_buffer, off,
+ 		   data_length > PING_HEADER_LEN ?
+ 		   data_length - PING_HEADER_LEN : data_length, USE_IPV6);
+-  return ping_xmit (ping);
++
++  rc = ping_xmit (ping);
++  if (rc < 0)
++    error (EXIT_FAILURE, errno, "sending packet");
++
++  return rc;
+ }
+ 
+ static int
+@@ -784,7 +790,7 @@ ping_xmit (PING * p)
+   i = sendto (p->ping_fd, (char *) p->ping_buffer, buflen, 0,
+ 	      (struct sockaddr *) &p->ping_dest.ping_sockaddr6, sizeof (p->ping_dest.ping_sockaddr6));
+   if (i < 0)
+-    perror ("ping: sendto");
++    return -1;
+   else
+     {
+       p->ping_num_xmit++;
+-- 
+1.7.7.3
+
diff --git a/debian/patches/series b/debian/patches/series
index 559f31c..ecf488c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,6 +2,7 @@
 02_remove_unused_opie_check.patch
 03_reduce_shared_lib_depends.patch
 22_syslogd_conf.patch
+30_ping-Abort-on-sendto-error.patch
 50_split_load_conffile.patch
 51_add_load_confdir_support.patch
 60_inetd_support_argless_services.patch