From fa7a0d17d98695332a9bd3c87a655a7eda730d8f Mon Sep 17 00:00:00 2001
From: Masaq- <tilt@techie.com>
Date: Fri, 22 Feb 2019 11:48:55 +0000
Subject: fix segmentation fault when network is unreachable

---
 src/ptunnel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/ptunnel.c')

diff --git a/src/ptunnel.c b/src/ptunnel.c
index 640df74..87dcc39 100644
--- a/src/ptunnel.c
+++ b/src/ptunnel.c
@@ -668,7 +668,7 @@ void* pt_proxy(void *args) {
 				             cur->dst_ip, cur->dst_port, kProto_ack | cur->type_flag,
 				             &cur->dest_addr, cur->next_remote_seq, &cur->send_first_ack, &cur->ping_seq, cur->window_size);
 				cur->xfer.icmp_ack_out++;
-				if (cur->send_ring[idx].pkt_len > sizeof(icmp_echo_packet_t) && cur->send_ring[idx].pkt->type == 8) {
+				if (cur->send_ring[idx].pkt && cur->send_ring[idx].pkt->type == kICMP_echo_request) {
 					for (uint16_t e = 0; e < opts.empty_pings; e++) {
 						cur->send_ring[idx].pkt->seq      = htons(cur->ping_seq);
 						cur->ping_seq++;
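Review bot: The new condition on the `+` line drops the length bound entirely, so any non-NULL `pkt` whose `type` is `kICMP_echo_request` now enters the empty-ping loop regardless of `pkt_len`. The NULL test addresses the crash, but the two checks guard different things and can be kept together: `if (cur->send_ring[idx].pkt && cur->send_ring[idx].pkt_len > sizeof(icmp_echo_packet_t) && cur->send_ring[idx].pkt->type == kICMP_echo_request) {`. The loop body continues past the end of the hunk, so how `pkt_len` is used when the packet is re-sent is not visible here and should be confirmed.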
-- 
cgit v1.2.3


From 70973ac736e8b669f121a4c96b510e451fd130fc Mon Sep 17 00:00:00 2001
From: Masaq- <tilt@techie.com>
Date: Sat, 23 Feb 2019 22:40:24 +0000
Subject: set pkt_len to zero after free

---
 src/pkt.c     | 2 ++
 src/ptunnel.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/ptunnel.c')

diff --git a/src/pkt.c b/src/pkt.c
index e2fd2a8..beb6291 100644
--- a/src/pkt.c
+++ b/src/pkt.c
@@ -467,6 +467,7 @@ void handle_ack(uint16_t seq_no, icmp_desc_t ring[], int *packets_awaiting_ack,
 					*remote_ack	= (uint16_t)ntohl(pt_pkt->ack);
 					free(ring[i].pkt);
 					ring[i].pkt	= 0;
+					ring[i].pkt_len	= 0;
 					(*packets_awaiting_ack)--;
 					if (i == *first_ack) {
 						for (j=1;j<window_size;j++) {
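Review bot: The release sequence `free(ring[i].pkt); ring[i].pkt = 0; ring[i].pkt_len = 0;` is now written out by hand in this hunk and again in the `can_ack` hunk at -504, and the next site that releases a slot can easily clear the pointer without the length. A small `static` helper in pkt.c that takes an `icmp_desc_t *` and performs the three steps would make the pairing hold by construction. Any other code that frees ring slots (none is visible in this patch) should go through it as well. At minimum, a comment on the added line such as `/* invariant: pkt == NULL implies pkt_len == 0 */` would record why the length is cleared, since the check in `pt_proxy` depends on it.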
@@ -504,6 +505,7 @@ void handle_ack(uint16_t seq_no, icmp_desc_t ring[], int *packets_awaiting_ack,
 				if (can_ack) {
 					free(ring[i].pkt);
 					ring[i].pkt	= 0;
+					ring[i].pkt_len	= 0;
 					(*packets_awaiting_ack)--;
 				}
 				i--;
diff --git a/src/ptunnel.c b/src/ptunnel.c
index 87dcc39..fad0944 100644
--- a/src/ptunnel.c
+++ b/src/ptunnel.c
@@ -668,7 +668,7 @@ void* pt_proxy(void *args) {
 				             cur->dst_ip, cur->dst_port, kProto_ack | cur->type_flag,
 				             &cur->dest_addr, cur->next_remote_seq, &cur->send_first_ack, &cur->ping_seq, cur->window_size);
 				cur->xfer.icmp_ack_out++;
-				if (cur->send_ring[idx].pkt && cur->send_ring[idx].pkt->type == kICMP_echo_request) {
+				if (cur->send_ring[idx].pkt_len > sizeof(icmp_echo_packet_t) && cur->send_ring[idx].pkt->type == kICMP_echo_request) {
 					for (uint16_t e = 0; e < opts.empty_pings; e++) {
 						cur->send_ring[idx].pkt->seq      = htons(cur->ping_seq);
 						cur->ping_seq++;
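Review bot: The restored condition dereferences `cur->send_ring[idx].pkt->type` with only `pkt_len` as a guard, so it is safe only while every path that frees or clears `pkt` also zeroes `pkt_len`. This commit establishes that at the two `handle_ack` sites, but other release paths, if any exist, are not visible here, and a stale length would bring back the NULL dereference the previous commit fixed. Keeping the pointer test as the first operand costs nothing: `if (cur->send_ring[idx].pkt && cur->send_ring[idx].pkt_len > sizeof(icmp_echo_packet_t) && ...`. The enclosing code in `pt_proxy` starts and ends outside the hunk.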
-- 
cgit v1.2.3