- Fix sending malformed ICMP packets because we read the wrong length from the wrong address in the buffer

cgutman · cgutman · commit 6d9bb996271c · 2009-10-25T04:30:28.000Z
- Fix the sequence number stored in the packet
 - Fix potential null pointer freeing
 - tracert partially works now (Setting TTL isn't implemented yet)

svn path=/trunk/; revision=43732
diff --git a/reactos/base/applications/network/tracert/tracert.c b/reactos/base/applications/network/tracert/tracert.c
@@ -260,10 +260,10 @@ PreparePacket(PAPPINFO pInfo,
     pInfo->SendPacket->icmpheader.code     = 0;
     pInfo->SendPacket->icmpheader.checksum = 0;
     pInfo->SendPacket->icmpheader.id       = (USHORT)GetCurrentProcessId();
-    pInfo->SendPacket->icmpheader.seq      = iSeqNum;
+    pInfo->SendPacket->icmpheader.seq      = htons((USHORT)iSeqNum);
 
     /* calculate checksum of packet */
-    pInfo->SendPacket->icmpheader.checksum  = CheckSum((PUSHORT)&pInfo->SendPacket,
+    pInfo->SendPacket->icmpheader.checksum  = CheckSum((PUSHORT)&pInfo->SendPacket->icmpheader,
                                                        sizeof(ICMP_HEADER) + PACKET_SIZE);
 }
 
@@ -279,8 +279,8 @@ SendPacket(PAPPINFO pInfo)
     pInfo->lTimeStart = GetTime(pInfo);
 
     iSockRet = sendto(pInfo->icmpSock,              //socket
-                      (char *)pInfo->SendPacket,   //buffer
-                      PACKET_SIZE,                  //size of buffer
+                      (char *)&pInfo->SendPacket->icmpheader,//buffer
+                      sizeof(ICMP_HEADER) + PACKET_SIZE,//size of buffer
                       0,                            //flags
                       (SOCKADDR *)&pInfo->dest,     //destination
                       sizeof(pInfo->dest));         //address length
@@ -598,7 +598,7 @@ Cleanup(PAPPINFO pInfo)
                  0,
                  pInfo->SendPacket);
 
-    if (pInfo->SendPacket)
+    if (pInfo->RecvPacket)
         HeapFree(GetProcessHeap(),
                  0,
                  pInfo->RecvPacket);
diff --git a/reactos/base/applications/network/tracert/tracert.h b/reactos/base/applications/network/tracert/tracert.h
@@ -13,7 +13,7 @@
 #define TTL_EXCEEDED 11
 
 #define MAX_PING_PACKET_SIZE 1024
-#define MAX_PING_DATA_SIZE (MAX_PING_PACKET_SIZE + sizeof(IPv4Header)
+#define MAX_PING_DATA_SIZE (MAX_PING_PACKET_SIZE + sizeof(IPv4Header))
 #define PACKET_SIZE 32
 #define ICMP_MIN_SIZE 8
 
@@ -53,8 +53,8 @@ typedef struct ICMPHeader
 /* ICMP Echo Reply Header, 12 bytes */
 typedef struct EchoReplyHeader
 {
-    struct ICMPHeader icmpheader;
     struct timeval timestamp;
+    struct ICMPHeader icmpheader;
 } ECHO_REPLY_HEADER, *PECHO_REPLY_HEADER;
 
 /* ICMP Echo Reply Header, 12 bytes */
