[Winpcap-bugs] Crash in pcap_open when using incorrect flag
Mark Bednarczyk
voytechs at yahoo.com
Thu Aug 9 15:30:46 GMT 2007
I just discovered that an incorrect flag passed to the "pcap_open" call will
coredump. After a little bit of investigation, only "pcap_open" causes a
coredump; "pcap_open_live" does not.
Any integer for a flag 8 and above will cause a coredump. 7 and below do not
cause a crash.
I'm using WinPcap 4.0.1 on WinXP SP2 using the mingw gcc compiler. The source
string in my test rig sets the type to IFLOCAL.
I looked at the pcap-new.c source and can't immediately see where the issue
might be. I do see the forwarding call to pcap_open_live, which does mask
out only the PROMISCUOUS flag.
I'm writing a Java wrapper and this causes the entire Java VM to crash,
which is not good. I have a workaround for this, since I can catch any
flags 8 and above and return an error message from my JNI code.
Here is my test function that will cause a crash:
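
// WinPcap's pcap.h only declares pcap_open() and pcap_rmtauth
// when HAVE_REMOTE is defined before the include.
#define HAVE_REMOTE
#include <pcap.h>
#include <cstring>
#include <iostream>

using namespace std;

int main() {
    char errbuf[1024];

    // Source string form, as expected by pcap_open()
    char source[1024];
    strcpy(source,
           "rpcap://\\Device\\NPF_{04BD71F0-BAD6-4C51-96A4-B05562FAD4F9}");

    // Plain device name, as expected by pcap_open_live()
    char device[1024];
    strcpy(device,
           "\\Device\\NPF_{04BD71F0-BAD6-4C51-96A4-B05562FAD4F9}");

    cout << "source=" << source << "\n";

    int snap = 64 * 1024;
    int flags = 8;       // 8 and above crash; 7 and below do not
    int timeout = 1000;
    pcap_rmtauth *auth = NULL;

    cout << "BEFORE\n";
    // pcap_t *p = pcap_open_live(device, snap, flags, timeout, errbuf);
    pcap_t *p = pcap_open(source, snap, flags, timeout, auth, errbuf);
    cout << "AFTER\n";   // not reached when the call above crashes

    if (p != NULL) {
        pcap_close(p);
    }
    cout << "CLOSE\n";
    return 0;
}
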
Cheers,
mark...
http://jnetpcap.sf.net
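
The workaround described in the message (rejecting flag values 8 and above before they reach pcap_open) could look like the following. This is an added example, not code from the original post or from WinPcap; the names check_open_flags, guarded_open, open_fn and fake_open are hypothetical, and the safe mask of 0x7 is taken from the behaviour reported above.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption from the report above: flags 0..7 are safe, 8 and above crash. */
#define SAFE_FLAG_MASK 0x7u

/* Stand-in for pcap_open's signature; void * replaces pcap_t * and
 * struct pcap_rmtauth * so the example builds without WinPcap headers. */
typedef void *(*open_fn)(const char *source, int snaplen, int flags,
                         int read_timeout, void *auth, char *errbuf);

/* Returns 0 if every set bit is in the safe mask, else -1 with a message. */
int check_open_flags(int flags, char *errbuf, size_t errlen)
{
    unsigned int unknown = (unsigned int)flags & ~SAFE_FLAG_MASK;
    if (unknown == 0)
        return 0;
    if (errbuf != NULL && errlen > 0)
        snprintf(errbuf, errlen,
                 "rejected flags=%d: unsupported bits 0x%x", flags, unknown);
    return -1;
}

/* Hypothetical guard: validate first, call into the library only if clean. */
void *guarded_open(open_fn opener, const char *source, int snaplen, int flags,
                   int read_timeout, void *auth, char *errbuf, size_t errlen)
{
    if (opener == NULL || source == NULL) {
        if (errbuf != NULL && errlen > 0)
            snprintf(errbuf, errlen, "opener and source must not be NULL");
        return NULL;
    }
    if (check_open_flags(flags, errbuf, errlen) != 0)
        return NULL;
    return opener(source, snaplen, flags, read_timeout, auth, errbuf);
}

/* Constructed fake opener so the guard can be exercised offline. */
int fake_open_calls = 0;
void *fake_open(const char *source, int snaplen, int flags,
                int read_timeout, void *auth, char *errbuf)
{
    (void)source; (void)snaplen; (void)flags;
    (void)read_timeout; (void)auth; (void)errbuf;
    fake_open_calls++;
    return &fake_open_calls; /* any non-NULL sentinel */
}
```

In a JNI wrapper the real pcap_open would be passed in place of fake_open (with the pointer types adjusted), and a NULL return with a filled errbuf would be turned into a Java exception instead of a native crash.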