tcpdump mailing list archives
pcap_offline_read() fix
From: Dug Song <dugsong () monkey org>
Date: Sun, 28 Nov 2004 01:31:07 -0500
a program which changes the filter for its pcap handle at runtime with
pcap_compile/setfilter() will abort when operating on a savefile, due
to this dangling ptr reference in pcap_offline_read():
--- savefile.c- Thu Mar 11 18:46:14 2004
+++ savefile.c Sun Nov 28 01:15:13 2004
@@ -906,7 +906,7 @@
int
pcap_offline_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
{
- struct bpf_insn *fcode = p->fcode.bf_insns;
+ struct bpf_insn *fcode;
int status = 0;
int n = 0;
@@ -937,7 +937,7 @@
return (status);
}
- if (fcode == NULL ||
+ if ((fcode = p->fcode.bf_insns) == NULL ||
bpf_filter(fcode, p->buffer, h.len, h.caplen)) {
(*callback)(user, &h, p->buffer);
if (++n >= cnt && cnt > 0)
you might consider just getting rid of the fcode ptr altogether...
-d.
---
http://monkey.org/~dugsong/
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- BPF in hardware Livio Ricciulli (Nov 22)
- Re: BPF in hardware Guy Harris (Nov 22)
- Re: BPF in hardware Livio Ricciulli (Nov 22)
- Re: BPF in hardware Guy Harris (Nov 22)
- Re: BPF in hardware Jefferson Ogata (Nov 22)
- pcap_offline_read() fix Dug Song (Nov 28)
- Re: pcap_offline_read() fix Guy Harris (Nov 30)
- Re: BPF in hardware Livio Ricciulli (Nov 22)
- Re: BPF in hardware Guy Harris (Nov 22)