Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Stack Overflow in Ping - FreeBSD- 1035

Tom Jones - FreeBSD, posted 3 years ago
  • ping is a program that tests the network reachability of remote hosts. It uses raw sockets in order to send ICMP messages.
  • ping reads the raw IP packets that come back from the network. As part of this processing, ping must reconstruct the IP header, the ICMP header and the quoted packet (the error packet). While parsing these, a bunch of data is copied around.
  • pr_pack() copies the received IP and ICMP headers into stack buffers. However, the sizes of these buffers don't account for the IP option headers that may follow the fixed IP header. When IP options are present, this creates a 40-byte buffer overflow on the stack.
  • With modern binary protections like ASLR, stack canaries, etc. in place it is unlikely that this could be exploited remotely. ping also runs in a capability-mode sandbox, which drastically limits what it can do. Defense in depth for the win!
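To make the sizing mistake concrete, here is an added example (constructed for this page, not FreeBSD's ping source) that models the header-length arithmetic: an IPv4 header is 20 bytes without options and up to 60 bytes with them, so a destination sized for the plain header is short by exactly 40 bytes. The helper `copy_ip_header()` shows the fix: size the buffer for the maximum header and check the wire length against it before copying. Names, constants and the sample packet are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* IPv4 header bounds: 20 bytes with no options, 60 with the maximum
 * option set (IHL field is a 4-bit count of 32-bit words, max 15). */
#define IP_HDR_MIN 20
#define IP_HDR_MAX 60

/* Header length in bytes from the IHL nibble. Returns 0 when the packet is
 * too short, IHL is below the legal minimum, or the header exceeds pktlen. */
static size_t ip_hdr_len(const uint8_t *pkt, size_t pktlen) {
    if (pktlen < IP_HDR_MIN) return 0;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < IP_HDR_MIN || hlen > pktlen) return 0;
    return hlen;
}

/* The vulnerable pattern: a stack buffer sized for IP_HDR_MIN bytes while
 * the copy length follows the IHL from the wire. This returns how many
 * bytes such a copy would write past the end of that buffer: 40 when a
 * full option set is present, which is the overflow described above. */
size_t overflow_bytes_if_copied(const uint8_t *pkt, size_t pktlen) {
    size_t hlen = ip_hdr_len(pkt, pktlen);
    return hlen > IP_HDR_MIN ? hlen - IP_HDR_MIN : 0;
}

/* Hardened copy: dst is sized for the largest legal header, and the length
 * is validated against both the packet and the buffer before memcpy.
 * Returns bytes copied, or 0 when the header is malformed or truncated. */
size_t copy_ip_header(const uint8_t *pkt, size_t pktlen,
                      uint8_t dst[IP_HDR_MAX]) {
    size_t hlen = ip_hdr_len(pkt, pktlen);
    if (hlen == 0 || hlen > IP_HDR_MAX) return 0;
    memcpy(dst, pkt, hlen);
    return hlen;
}

/* Constructed 60-byte packet: version 4, IHL 15 (0x4f), options zero-filled.
 * Only the first byte matters for the length arithmetic shown here. */
const uint8_t sample_pkt_with_options[IP_HDR_MAX] = { 0x4f };
```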