From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751636AbcLEDgL (ORCPT <rfc822;w@1wt.eu>);
        Sun, 4 Dec 2016 22:36:11 -0500
Received: from mail-io0-f175.google.com ([209.85.223.175]:36318 "EHLO
        mail-io0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751120AbcLEDgJ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 4 Dec 2016 22:36:09 -0500
MIME-Version: 1.0
In-Reply-To: <20161203005853.GA117599@beast>
References: <20161203005853.GA117599@beast>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Mon, 5 Dec 2016 12:35:47 +0900
Message-ID: <CAKD1Yr30VVN=fmE8GpQ-hUv1bGVC=OxATpRpspruD2CPhKOnYQ@mail.gmail.com>
Subject: Re: [PATCH] net: ping: check minimum size on ICMP header length
To: Kees Cook <keescook@chromium.org>
Cc: "David S. Miller" <davem@davemloft.net>,
        "netdev@vger.kernel.org" <netdev@vger.kernel.org>,
        Min Chong <mchong@google.com>, Qidan He <i@flanker017.me>,
        Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
        James Morris <jmorris@namei.org>,
        Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
        Patrick McHardy <kaber@trash.net>, lkml <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Dec 3, 2016 at 9:58 AM, Kees Cook <keescook@chromium.org> wrote:
> -       if (len > 0xFFFF)
> +       if (len > 0xFFFF || len < icmph_len)
>                 return -EMSGSIZE;

EMSGSIZE usually means the message is too long. Maybe use EINVAL?
That's what the code will return if the passed-in ICMP header is
invalid (e.g., is not an echo request).