From b8af615ec19bd7fcb92312b095802a227aa31633 Mon Sep 17 00:00:00 2001
From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Sat, 25 Oct 2025 15:08:41 +0000
Subject: [PATCH] pinger: Echo all received bytes on Windows icmp_sock (#2210)

Avoids OOB read by strlen().
---
 src/icmp/IcmpPinger.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/icmp/IcmpPinger.cc b/src/icmp/IcmpPinger.cc
index 24df9d6469..e5fa30fd5d 100644
--- a/src/icmp/IcmpPinger.cc
+++ b/src/icmp/IcmpPinger.cc
@@ -51,12 +51,14 @@ IcmpPinger::Open(void)
 
     WSADATA wsaData;
     WSAPROTOCOL_INFO wpi;
-    char buf[sizeof(wpi)];
+    char buf[sizeof(wpi)+1];
     int x;
 
     struct sockaddr_in PS;
     int xerrno;
 
+    static_assert(sizeof(WSAPROTOCOL_INFO) >= sizeof(PS), "PS must fit into wpi-sized buf");
+
     WSAStartup(2, &wsaData);
     atexit(Win32SockCleanup);
 
@@ -114,7 +116,7 @@ IcmpPinger::Open(void)
 
     xwrite(1, "OK\n", 3);
     memset(buf, 0, sizeof(buf));
-    x = xrecv(icmp_sock, buf, sizeof(buf), 0);
+    x = xrecv(icmp_sock, buf, sizeof(buf)-1, 0);
 
     if (x < 3) {
         xerrno = errno;
-- 
2.47.3