From ce6ef543377504646b626b045dd9204b939eb04e Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Tue, 20 Oct 2020 17:53:11 +0200
Subject: [PATCH] ICMP: Check that incoming ICMP echo requests are large enough

Otherwise, just ignore them.
---
 Kernel/Net/NetworkTask.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Kernel/Net/NetworkTask.cpp b/Kernel/Net/NetworkTask.cpp
index 913ad877c2..69fb48f5ec 100644
--- a/Kernel/Net/NetworkTask.cpp
+++ b/Kernel/Net/NetworkTask.cpp
@@ -276,6 +276,10 @@ void handle_icmp(const EthernetFrameHeader& eth, const IPv4Packet& ipv4_packet,
         auto& request = reinterpret_cast<const ICMPEchoPacket&>(icmp_header);
         klog() << "handle_icmp: EchoRequest from " << ipv4_packet.source().to_string().characters() << ": id=" << (u16)request.identifier << ", seq=" << (u16)request.sequence_number;
         size_t icmp_packet_size = ipv4_packet.payload_size();
+        if (icmp_packet_size < sizeof(ICMPEchoPacket)) {
+            klog() << "handle_icmp: EchoRequest packet is too small, ignoring.";
+            return;
+        }
         auto buffer = ByteBuffer::create_zeroed(icmp_packet_size);
         auto& response = *(ICMPEchoPacket*)buffer.data();
         response.header.set_type(ICMPType::EchoReply);