On Sat, Dec 3, 2016 at 9:58 AM, Kees Cook <keesc...@chromium.org> wrote: > - if (len > 0xFFFF) > + if (len > 0xFFFF || len < icmph_len) > return -EMSGSIZE;
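Review bot: the added `len < icmph_len` test shares its return with the `len > 0xFFFF` test, so a message shorter than the ICMP header is reported with the same -EMSGSIZE as an oversized one. Splitting the condition into two checks would let the short case return its own error code, and would leave room for a one-line comment saying why a length below icmph_len has to be rejected here. The declarations of len and icmph_len are not visible in this hunk, so it is also worth confirming that both operands have the same signedness and the comparison does not mix signed and unsigned values.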
EMSGSIZE usually means the message is too long. Maybe use EINVAL? That's what the code will return if the passed-in ICMP header is invalid (e.g., is not an echo request).