From d7ffe9ddf524b0ff13088b2685bd9cfde5e580f5 Mon Sep 17 00:00:00 2001
From: Mats Erik Andersson <gnu@gisladisker.se>
Date: Thu, 17 Jan 2013 10:34:55 +0100
Subject: [PATCH] ping: CVE-2010-2529

	CVE-2010-2529: Infinite loop.

	* ping/ping_echo.c (print_ip_opt) <IPOPT_RR>: Break loop
	if option is truncated or exhausted.

---

diff --git a/ping/ping_echo.c b/ping/ping_echo.c
index 634e178..e83ccff 100644
--- a/ping/ping_echo.c
+++ b/ping/ping_echo.c
@@ -499,7 +499,7 @@ print_ip_opt (struct ip *ip, int hlen)
 	  i = j;
 	i -= IPOPT_MINOFF;
 	if (i <= 0)
-	  continue;
+	  break;
 	if (i == old_rrlen
 	    && cp == (unsigned char *) (ip + 1) + 2
 	    && !memcmp ((char *) cp, old_rr, i) && !(options & OPT_FLOOD))
-- 
1.8.1.1