ping: do not leak data from stack; shrink

FANCY ping:
function                                             old     new   delta
common_ping_main                                     386    1732   +1346
sendping6                                             98      83     -15
sendping4                                            188     158     -30
ping4                                                575       -    -575
ping6                                                756       -    -756
------------------------------------------------------------------------------
(add/remove: 0/2 grow/shrink: 1/2 up/down: 1346/-1376)        Total: -30 bytes

!FANCY ping:
function                                             old     new   delta
hostname                                               4       -      -4
common_ping_main                                     566     499     -67

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

diff --git a/networking/ping.c b/networking/ping.c
index 467b7f6940fb3c97f68880953ce749f81b4f28d8..6a766a437feb7b2bd55703694bf0f8c9a81dfba4 100644 (file)
--- a/networking/ping.c
+++ b/networking/ping.c
@@ -43,13 +43,12 @@ enum {
        DEFDATALEN = 56,
        MAXIPLEN = 60,
        MAXICMPLEN = 76,
-       MAXPACKET = 65468,
        MAX_DUP_CHK = (8 * 128),
        MAXWAIT = 10,
        PINGINTERVAL = 1, /* 1 second */
 };
 
-/* common routines */
+/* Common routines */
 
 static int in_cksum(unsigned short *buf, int sz)
 {
@@ -76,40 +75,41 @@ static int in_cksum(unsigned short *buf, int sz)
 
 #if !ENABLE_FEATURE_FANCY_PING
 
-/* simple version */
+/* Simple version */
 
-static char *hostname;
+struct globals {
+       char *hostname;
+       char packet[DEFDATALEN + MAXIPLEN + MAXICMPLEN];
+} FIX_ALIASING;
+#define G (*(struct globals*)&bb_common_bufsiz1)
+#define INIT_G() do { } while (0)
 
 static void noresp(int ign UNUSED_PARAM)
 {
-       printf("No response from %s\n", hostname);
+       printf("No response from %s\n", G.hostname);
        exit(EXIT_FAILURE);
 }
 
 static void ping4(len_and_sockaddr *lsa)
 {
-       struct sockaddr_in pingaddr;
        struct icmp *pkt;
        int pingsock, c;
-       char packet[DEFDATALEN + MAXIPLEN + MAXICMPLEN];
 
        pingsock = create_icmp_socket();
-       pingaddr = lsa->u.sin;
 
-       pkt = (struct icmp *) packet;
-       memset(pkt, 0, sizeof(packet));
+       pkt = (struct icmp *) G.packet;
+       memset(pkt, 0, sizeof(G.packet));
        pkt->icmp_type = ICMP_ECHO;
-       pkt->icmp_cksum = in_cksum((unsigned short *) pkt, sizeof(packet));
+       pkt->icmp_cksum = in_cksum((unsigned short *) pkt, sizeof(G.packet));
 
-       c = xsendto(pingsock, packet, DEFDATALEN + ICMP_MINLEN,
-                          (struct sockaddr *) &pingaddr, sizeof(pingaddr));
+       xsendto(pingsock, G.packet, DEFDATALEN + ICMP_MINLEN, &lsa->u.sa, lsa->len);
 
        /* listen for replies */
        while (1) {
                struct sockaddr_in from;
                socklen_t fromlen = sizeof(from);
 
-               c = recvfrom(pingsock, packet, sizeof(packet), 0,
+               c = recvfrom(pingsock, G.packet, sizeof(G.packet), 0,
                                (struct sockaddr *) &from, &fromlen);
                if (c < 0) {
                        if (errno != EINTR)
@@ -117,9 +117,9 @@ static void ping4(len_and_sockaddr *lsa)
                        continue;
                }
                if (c >= 76) {                  /* ip + icmp */
-                       struct iphdr *iphdr = (struct iphdr *) packet;
+                       struct iphdr *iphdr = (struct iphdr *) G.packet;
 
-                       pkt = (struct icmp *) (packet + (iphdr->ihl << 2));     /* skip ip hdr */
+                       pkt = (struct icmp *) (G.packet + (iphdr->ihl << 2));   /* skip ip hdr */
                        if (pkt->icmp_type == ICMP_ECHOREPLY)
                                break;
                }
@@ -131,31 +131,27 @@ static void ping4(len_and_sockaddr *lsa)
 #if ENABLE_PING6
 static void ping6(len_and_sockaddr *lsa)
 {
-       struct sockaddr_in6 pingaddr;
        struct icmp6_hdr *pkt;
        int pingsock, c;
        int sockopt;
-       char packet[DEFDATALEN + MAXIPLEN + MAXICMPLEN];
 
        pingsock = create_icmp6_socket();
-       pingaddr = lsa->u.sin6;
 
-       pkt = (struct icmp6_hdr *) packet;
-       memset(pkt, 0, sizeof(packet));
+       pkt = (struct icmp6_hdr *) G.packet;
+       memset(pkt, 0, sizeof(G.packet));
        pkt->icmp6_type = ICMP6_ECHO_REQUEST;
 
        sockopt = offsetof(struct icmp6_hdr, icmp6_cksum);
        setsockopt(pingsock, SOL_RAW, IPV6_CHECKSUM, &sockopt, sizeof(sockopt));
 
-       c = xsendto(pingsock, packet, DEFDATALEN + sizeof (struct icmp6_hdr),
-                          (struct sockaddr *) &pingaddr, sizeof(pingaddr));
+       xsendto(pingsock, G.packet, DEFDATALEN + sizeof(struct icmp6_hdr), &lsa->u.sa, lsa->len);
 
        /* listen for replies */
        while (1) {
                struct sockaddr_in6 from;
                socklen_t fromlen = sizeof(from);
 
-               c = recvfrom(pingsock, packet, sizeof(packet), 0,
+               c = recvfrom(pingsock, G.packet, sizeof(G.packet), 0,
                                (struct sockaddr *) &from, &fromlen);
                if (c < 0) {
                        if (errno != EINTR)
@@ -163,7 +159,7 @@ static void ping6(len_and_sockaddr *lsa)
                        continue;
                }
                if (c >= ICMP_MINLEN) {                 /* icmp6_hdr */
-                       pkt = (struct icmp6_hdr *) packet;
+                       pkt = (struct icmp6_hdr *) G.packet;
                        if (pkt->icmp6_type == ICMP6_ECHO_REPLY)
                                break;
                }
@@ -180,6 +176,8 @@ static int common_ping_main(sa_family_t af, char **argv)
 {
        len_and_sockaddr *lsa;
 
+       INIT_G();
+
 #if ENABLE_PING6
        while ((++argv)[0] && argv[0][0] == '-') {
                if (argv[0][1] == '4') {
@@ -196,14 +194,14 @@ static int common_ping_main(sa_family_t af, char **argv)
        argv++;
 #endif
 
-       hostname = *argv;
-       if (!hostname)
+       G.hostname = *argv;
+       if (!G.hostname)
                bb_show_usage();
 
 #if ENABLE_PING6
-       lsa = xhost_and_af2sockaddr(hostname, 0, af);
+       lsa = xhost_and_af2sockaddr(G.hostname, 0, af);
 #else
-       lsa = xhost_and_af2sockaddr(hostname, 0, AF_INET);
+       lsa = xhost_and_af2sockaddr(G.hostname, 0, AF_INET);
 #endif
        /* Set timer _after_ DNS resolution */
        signal(SIGALRM, noresp);
@@ -215,7 +213,7 @@ static int common_ping_main(sa_family_t af, char **argv)
        else
 #endif
                ping4(lsa);
-       printf("%s is alive!\n", hostname);
+       printf("%s is alive!\n", G.hostname);
        return EXIT_SUCCESS;
 }
 
@@ -223,7 +221,7 @@ static int common_ping_main(sa_family_t af, char **argv)
 #else /* FEATURE_FANCY_PING */
 
 
-/* full(er) version */
+/* Full(er) version */
 
 #define OPT_STRING ("qvc:s:w:W:I:4" IF_PING6("6"))
 enum {
@@ -253,6 +251,9 @@ struct globals {
        unsigned deadline;
        unsigned timeout;
        unsigned total_secs;
+       unsigned sizeof_rcv_packet;
+       char *rcv_packet; /* [datalen + MAXIPLEN + MAXICMPLEN] */
+       void *snd_packet; /* [datalen + ipv4/ipv6_const] */
        const char *hostname;
        const char *dotted;
        union {
@@ -370,19 +371,20 @@ static void sendping_tail(void (*sp)(int), const void *pkt, int size_pkt)
 
 static void sendping4(int junk UNUSED_PARAM)
 {
-       /* +4 reserves a place for timestamp, which may end up sitting
-        * *after* packet. Saves one if() */
-       struct icmp *pkt = alloca(datalen + ICMP_MINLEN + 4);
+       struct icmp *pkt = G.snd_packet;
 
-       memset(pkt, 0, datalen + ICMP_MINLEN + 4);
+       //memset(pkt, 0, datalen + ICMP_MINLEN + 4); - G.snd_packet was xzalloced
        pkt->icmp_type = ICMP_ECHO;
        /*pkt->icmp_code = 0;*/
-       /*pkt->icmp_cksum = 0;*/
+       pkt->icmp_cksum = 0; /* cksum is calculated with this field set to 0 */
        pkt->icmp_seq = htons(ntransmitted); /* don't ++ here, it can be a macro */
        pkt->icmp_id = myid;
 
-       /* We don't do hton, because we will read it back on the same machine */
+       /* If datalen < 4, we store timestamp _past_ the packet,
+        * but it's ok - we allocated 4 extra bytes in xzalloc() just in case.
+        */
        /*if (datalen >= 4)*/
+               /* No hton: we'll read it back on the same machine */
                *(uint32_t*)&pkt->icmp_dun = monotonic_us();
 
        pkt->icmp_cksum = in_cksum((unsigned short *) pkt, datalen + ICMP_MINLEN);
@@ -394,7 +396,7 @@ static void sendping6(int junk UNUSED_PARAM)
 {
        struct icmp6_hdr *pkt = alloca(datalen + sizeof(struct icmp6_hdr) + 4);
 
-       memset(pkt, 0, datalen + sizeof(struct icmp6_hdr) + 4);
+       //memset(pkt, 0, datalen + sizeof(struct icmp6_hdr) + 4);
        pkt->icmp6_type = ICMP6_ECHO_REQUEST;
        /*pkt->icmp6_code = 0;*/
        /*pkt->icmp6_cksum = 0;*/
@@ -404,6 +406,8 @@ static void sendping6(int junk UNUSED_PARAM)
        /*if (datalen >= 4)*/
                *(uint32_t*)(&pkt->icmp6_data8[4]) = monotonic_us();
 
+       //TODO? pkt->icmp_cksum = in_cksum(...);
+
        sendping_tail(sendping6, pkt, datalen + sizeof(struct icmp6_hdr));
 }
 #endif
@@ -561,7 +565,6 @@ static void unpack6(char *packet, int sz, /*struct sockaddr_in6 *from,*/ int hop
 
 static void ping4(len_and_sockaddr *lsa)
 {
-       char packet[datalen + MAXIPLEN + MAXICMPLEN];
        int sockopt;
 
        pingsock = create_icmp_socket();
@@ -594,14 +597,14 @@ static void ping4(len_and_sockaddr *lsa)
                socklen_t fromlen = (socklen_t) sizeof(from);
                int c;
 
-               c = recvfrom(pingsock, packet, sizeof(packet), 0,
+               c = recvfrom(pingsock, G.rcv_packet, G.sizeof_rcv_packet, 0,
                                (struct sockaddr *) &from, &fromlen);
                if (c < 0) {
                        if (errno != EINTR)
                                bb_perror_msg("recvfrom");
                        continue;
                }
-               unpack4(packet, c, &from);
+               unpack4(G.rcv_packet, c, &from);
                if (pingcount && nreceived >= pingcount)
                        break;
        }
@@ -610,7 +613,6 @@ static void ping4(len_and_sockaddr *lsa)
 extern int BUG_bad_offsetof_icmp6_cksum(void);
 static void ping6(len_and_sockaddr *lsa)
 {
-       char packet[datalen + MAXIPLEN + MAXICMPLEN];
        int sockopt;
        struct msghdr msg;
        struct sockaddr_in6 from;
@@ -670,8 +672,8 @@ static void ping6(len_and_sockaddr *lsa)
        msg.msg_iov = &iov;
        msg.msg_iovlen = 1;
        msg.msg_control = control_buf;
-       iov.iov_base = packet;
-       iov.iov_len = sizeof(packet);
+       iov.iov_base = G.rcv_packet;
+       iov.iov_len = G.sizeof_rcv_packet;
        while (1) {
                int c;
                struct cmsghdr *mp;
@@ -694,7 +696,7 @@ static void ping6(len_and_sockaddr *lsa)
                                move_from_unaligned_int(hoplimit, CMSG_DATA(mp));
                        }
                }
-               unpack6(packet, c, /*&from,*/ hoplimit);
+               unpack6(G.rcv_packet, c, /*&from,*/ hoplimit);
                if (pingcount && nreceived >= pingcount)
                        break;
        }
@@ -710,12 +712,20 @@ static void ping(len_and_sockaddr *lsa)
        }
        printf(": %d data bytes\n", datalen);
 
+       G.sizeof_rcv_packet = datalen + MAXIPLEN + MAXICMPLEN;
+       G.rcv_packet = xzalloc(G.sizeof_rcv_packet);
 #if ENABLE_PING6
-       if (lsa->u.sa.sa_family == AF_INET6)
+       if (lsa->u.sa.sa_family == AF_INET6) {
+               /* +4 reserves a place for timestamp, which may end up sitting
+                * _after_ packet. Saves one if() - see sendping4/6() */
+               G.snd_packet = xzalloc(datalen + sizeof(struct icmp6_hdr) + 4);
                ping6(lsa);
-       else
+       } else
 #endif
+       {
+               G.snd_packet = xzalloc(datalen + ICMP_MINLEN + 4);
                ping4(lsa);
+       }
 }
 
 static int common_ping_main(int opt, char **argv)