From 526f06b278d9252add168aa18b60242c08771165 Mon Sep 17 00:00:00 2001
From: Matthew Dillon <dillon@FreeBSD.org>
Date: Wed, 26 Aug 1998 01:58:39 +0000
Subject: [PATCH]     (well tested at BEST): -i option can now take FP values
 (e.g. -i 0.1),     extremely useful for networking testing.  Other options
 secured from     user-level D.O.S. attacks.  -f, -s now root-only.  -i wait
 times < 1.0     root-only.  -c count limited to 100 and defaults to 16 when
 ping run     by non-root user.

---
 sbin/ping/ping.8 | 14 ++++++++------
 sbin/ping/ping.c | 49 +++++++++++++++++++++++++++++++++++++-----------
 2 files changed, 46 insertions(+), 17 deletions(-)

diff --git a/sbin/ping/ping.8 b/sbin/ping/ping.8
index 1b3fd18f32c48e..b3a954f0e13d90 100644
--- a/sbin/ping/ping.8
+++ b/sbin/ping/ping.8
@@ -30,7 +30,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)ping.8	8.2 (Berkeley) 12/11/93
-.\"	$Id: ping.8,v 1.14 1998/04/01 00:32:18 imp Exp $
+.\"	$Id: ping.8,v 1.15 1998/07/15 06:45:00 charnier Exp $
 .\"
 .Dd March 1, 1997
 .Dt PING 8
@@ -85,7 +85,8 @@ Stop after sending
 .Pq and receiving
 .Ar count
 .Tn ECHO_RESPONSE
-packets.
+packets.  non-root users may not send more then 100 packets and default
+to 16, while root defaults to infinity.
 .It Fl d
 Set the
 .Dv SO_DEBUG
@@ -100,7 +101,7 @@ sent a period
 .Dq \&.
 is printed, while for every
 .Tn ECHO_REPLY
-received a backspace is printed.
+received a backspace is printed.  Only root may specify this option.
 This provides a rapid display of how many packets are being dropped.
 Only the super-user may use this option.
 .Bf -emphasis
@@ -111,8 +112,9 @@ Wait
 .Ar wait
 seconds
 .Em between sending each packet .
-The default is to wait for one second between each packet.
-This option is incompatible with the
+The default is to wait for one second between each packet.  The
+wait time may be fractional, but only root may specify values 
+less then 1 second.  This option is incompatible with the
 .Fl f
 option.
 .It Fl I Ar interface
@@ -196,7 +198,7 @@ The default is 56, which translates into 64
 data bytes when combined
 with the 8 bytes of
 .Tn ICMP
-header data.
+header data.  Only root may use this option.
 .It Fl T Ar ttl
 Set the IP Time To Live for multicasted packets.
 This flag only applies if the ping destination is a multicast address.
diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c
index 9407eb9b005506..54025cc32e2b30 100644
--- a/sbin/ping/ping.c
+++ b/sbin/ping/ping.c
@@ -45,7 +45,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)ping.c	8.1 (Berkeley) 6/5/93";
 #endif
 static const char rcsid[] =
-	"$Id$";
+	"$Id: ping.c,v 1.39 1998/07/15 06:45:02 charnier Exp $";
 #endif /* not lint */
 
 /*
@@ -125,6 +125,9 @@ int options;
 #define	F_MIF		0x1000
 #define	F_AUDIBLE	0x2000
 
+#define NPACKETS	16
+#define MAXUSRPACKETS	100
+
 /*
  * MAX_DUP_CHK is the number of bits in received table, i.e. the maximum
  * number of received sequence numbers we can keep track of.  Change 128
@@ -149,7 +152,7 @@ long npackets;			/* max packets to transmit */
 long nreceived;			/* # of packets we got back */
 long nrepeats;			/* number of duplicates */
 long ntransmitted;		/* sequence # for outbound packets = #sent */
-int interval = 1;		/* interval between packets */
+int interval = 1000;		/* interval between packets, ms */
 
 /* timing */
 int timing;			/* flag to do timing */
@@ -229,12 +232,15 @@ main(argc, argv)
 				    "invalid count of packets to transmit: `%s'",
 				    optarg);
 			npackets = ultmp;
+			if (uid && npackets > MAXUSRPACKETS)
+				errx(EX_USAGE,
+"you cannot send more than %d packets.", MAXUSRPACKETS);
 			break;
 		case 'd':
 			options |= F_SO_DEBUG;
 			break;
 		case 'f':
-			if (getuid()) {
+			if (uid) {
 				errno = EPERM;
 				err(EX_NOPERM, "-f flag");
 			}
@@ -242,12 +248,23 @@ main(argc, argv)
 			setbuf(stdout, (char *)NULL);
 			break;
 		case 'i':		/* wait between sending packets */
-			ultmp = strtoul(optarg, &ep, 0);
-			if (*ep || ep == optarg || ultmp > INT_MAX)
-				errx(EX_USAGE,
-				     "invalid timing interval: `%s'", optarg);
-			options |= F_INTERVAL;
-			interval = ultmp;
+			{
+			    double t = strtod(optarg, &ep) * 1000.0;
+
+			    if (*ep || ep == optarg || t > (double)INT_MAX) {
+				    errx(
+					    EX_USAGE,
+					     "invalid timing interval: `%s'",
+					     optarg
+				    );
+			    }
+			    options |= F_INTERVAL;
+			    interval = (int)t;
+			    if (uid && interval < 1000) {
+				    errno = EPERM;
+				    err(EX_NOPERM, "-i interval too short");
+			    }
+			}
 			break;
 		case 'I':		/* multicast interface */
 			if (inet_aton(optarg, &ifaddr) == 0)
@@ -292,6 +309,10 @@ main(argc, argv)
 			options |= F_SO_DONTROUTE;
 			break;
 		case 's':		/* size of packet to send */
+			if (uid) {
+				errno = EPERM;
+				err(EX_NOPERM, "-s flag");
+			}
 			ultmp = strtoul(optarg, &ep, 0);
 			if (ultmp > MAXPACKET)
 				errx(EX_USAGE, "packet size too large: %lu",
@@ -321,6 +342,12 @@ main(argc, argv)
 		usage();
 	target = argv[optind];
 
+	/*
+	 * If not root, infinite packets not allowed.  Limit to NPACKETS.
+	 */
+	if (uid && !npackets)
+		npackets = NPACKETS;
+
 	bzero((char *)&whereto, sizeof(struct sockaddr));
 	to = (struct sockaddr_in *)&whereto;
 	to->sin_family = AF_INET;
@@ -477,8 +504,8 @@ main(argc, argv)
 		intvl.tv_sec = 0;
 		intvl.tv_usec = 10000;
 	} else {
-		intvl.tv_sec = interval;
-		intvl.tv_usec = 0;
+		intvl.tv_sec = interval / 1000;
+		intvl.tv_usec = interval % 1000 * 1000;
 	}
 
 	pinger();			/* send the first ping */