Home page logo

bugtraq logo Bugtraq mailing list archives

Re: pingflood.c
From: sinster () DARKWATER COM (sinster () DARKWATER COM)
Date: Mon, 18 May 1998 13:00:38 -0700

Sprach "Aggelos P. Varvitsiotis" <avarvit () CC ECE NTUA GR>:
[... info about non-root pingflood snipped ....]
Verified it on SunOS 5.5.1. Basically, it is so simple that it
should work on any Unix box. The "bug" in ping's code is that
the code naively assumes the SIGALRM is system-generated (due
to a previous alarm() call). At least on SunOS 5.5.1, sigaction(2)
can be used to examine the source of the SIGALRM (e.g. check
that (siginfo_t *)si->si_code > 0 -- (siginfo_t *)si is returned
to the signal handler if the sa_flags member of the struct sigaction
passed to sigaction() has the SA_SIGINFO bit set). I am not sure
how this can be implemented on other systems.

A simple fix that'll work on all systems I've encountered is simply
to call time() in the signal handler and make sure that it's different
from the last time time() was called.  That'll automatically limit you
to 1s pings no matter how many signals you get.  Of course, you had
better be checking to make sure that time() isn't erroring out with
errno=EAGAIN on those systems where time() can do that... :)

Jon Paul Nollmann ne' Darren Senn                     sinster () darkwater com
Unsolicited commercial email will be archived at $1/byte/day.
Wasurenaide -- doko e itte mo soko ni iru yo.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]