From 9ae5d9cb4a616933a7d4a1bed32062debfb43ba6 Mon Sep 17 00:00:00 2001
From: Christian Herdtweck <christian.herdtweck@intra2net.com>
Date: Tue, 9 Dec 2014 18:50:58 +0100
Subject: [PATCH] fixed possible reason for broken icmp packages: restricted read of icmp payload data; also moved def of buffer size from h to cpp

---
 src/icmp/icmppinger.cpp   |    3 +++
 src/icmp/icmppinger.h     |    4 ----
 src/icmp/icmpv4packet.cpp |   20 +++++++++++++++++++-
 3 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/src/icmp/icmppinger.cpp b/src/icmp/icmppinger.cpp
index 4734026..6309c09 100644
--- a/src/icmp/icmppinger.cpp
+++ b/src/icmp/icmppinger.cpp
@@ -38,6 +38,9 @@ using I2n::Logger::GlobalLogger;
 // IcmpPinger
 //-----------------------------------------------------------------------------
 
+/// size of buffer used to read from socket in [bytes]
+static const std::size_t SOCKET_BUFFER_SIZE = 65536;   // 64kB
+
 /**
  * @brief Parameterized constructor.
  *
diff --git a/src/icmp/icmppinger.h b/src/icmp/icmppinger.h
index 3387388..fc85a90 100644
--- a/src/icmp/icmppinger.h
+++ b/src/icmp/icmppinger.h
@@ -24,10 +24,6 @@
 // IcmpPinger
 //-----------------------------------------------------------------------------
 
-
-/// size of buffer used to read from socket in [bytes]
-const std::size_t SOCKET_BUFFER_SIZE = 65536;   // 64kB
-
 /**
  * @brief This class performs an ICMP ping to host using Boost Asio.
  * Scope: one object per host.
diff --git a/src/icmp/icmpv4packet.cpp b/src/icmp/icmpv4packet.cpp
index 05f1b50..02c06f2 100644
--- a/src/icmp/icmpv4packet.cpp
+++ b/src/icmp/icmpv4packet.cpp
@@ -252,7 +252,25 @@ istream& operator>>(
     if (is.good())
         is >> packet.IcmpPayloadHeader;
     if (is.good())
-        is >> packet.IcmpPayloadData;
+    {
+        streamsize data_length = static_cast<streamsize>( packet.IpHeader.get_total_length() ) -
+                                 static_cast<streamsize>( packet.IpHeader.get_header_length() );
+
+        if ( data_length < 0 )
+        {
+            GlobalLogger.error() << "Error: invalid size for optional ICMP data: " << data_length << endl;
+            is.setstate( ios::failbit );
+        }
+        else if ( data_length > 0 )
+        {
+            size_t options_size = static_cast<size_t>( data_length );
+            scoped_array<uint8_t> scoped_data( new uint8_t[options_size] );
+            char *char_data = reinterpret_cast<char *>( scoped_data.get() );
+
+            (void) is.read( char_data, data_length );
+            packet.IcmpPayloadData = char_data;
+        }
+    }
 
     return is;
 }
-- 
1.7.1