[Winpcap-bugs] RE: Crash in pcap_open when using incorrect flag
Gianluca Varenni
gianluca.varenni at cacetech.com
Thu Aug 9 18:52:37 GMT 2007
That's what I fixed in the new wpcap.dll file I sent you a couple hours ago.
Did you receive that e-mail?
Have a nice day
GV
----- Original Message -----
From: "Mark Bednarczyk" <voytechs at yahoo.com>
To: <voytechs at yahoo.com>; <winpcap-bugs at winpcap.org>
Sent: Thursday, August 09, 2007 11:49 AM
Subject: [Winpcap-bugs] RE: Crash in pcap_open when using incorrect flag
> I found the bug. It's in pcap-new.c. You will get a core dump under the
> following conditions:
>
> 1) You specify invalid device name to pcap_open AND
>
> 2) You specify any of the WIN32 specific flags such as
> PCAP_OPENFLAG_NOCAPTURE_LOCAL or PCAP_OPENFLAG_MAX_RESPONSIVENESS.
>
> In the code below you can see that if pcap_open_live fails to open a
> device at the top, the flag-dependent if statements below it use the 'fp'
> ptr without checking if it's NULL, which in this case it is, because
> pcap_open_live failed. Thus a crash in the if statement itself
> (fp->adapter) where fp == NULL.
>
> So you have to check for NULL too.
>
>     if (fp != NULL && !PacketSetLoopbackBehavior(fp->adapter,
>                                                  NPF_DISABLE_LOOPBACK))
>     ...
>
> Or better yet, return immediately after the pcap_open_live if it's NULL.
>
>
>
> Source from pcap-new.c:
>
> #ifdef WIN32
>     //
>     // these flags are supported on Windows only
>     //
>     fp = pcap_open_live(name, snaplen, (flags & PCAP_OPENFLAG_PROMISCUOUS),
>                         read_timeout, errbuf);
>
>     /* disable loopback capture if requested */
>     if(flags & PCAP_OPENFLAG_NOCAPTURE_LOCAL)
>     {
>         if(!PacketSetLoopbackBehavior(fp->adapter, NPF_DISABLE_LOOPBACK))
>         {
>             snprintf(errbuf, PCAP_ERRBUF_SIZE,
>                      "Unable to disable the capture of loopback packets.");
>             pcap_close(fp);
>             return NULL;
>         }
>     }
>
>     /* set mintocopy to zero if requested */
>     if(flags & PCAP_OPENFLAG_MAX_RESPONSIVENESS)
>     {
>         if(!PacketSetMinToCopy(fp->adapter, 0))
>         {
>             snprintf(errbuf, PCAP_ERRBUF_SIZE,
>                      "Unable to set max responsiveness.");
>             pcap_close(fp);
>             return NULL;
>         }
>     }
> #endif //WIN32
>
> So in my original report of the problem, it's just not any flag value above
> 8, it's a value that gets a bitwise hit on one of the PCAP_OPENFLAG_*
> flags. And you have to have a misspelled device name. In my test rigs
> (jUnit test cases) I do all these things on purpose.
>
> Cheers,
> mark...
>
> _______________________________________________
> Winpcap-bugs mailing list
> Winpcap-bugs at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-bugs
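The corrected open path that the report asks for (bail out as soon as pcap_open_live returns NULL, before any flag-dependent branch touches fp->adapter), written out as an added stand-alone example. This is not WinPcap's code: pcap_open_live, PacketSetLoopbackBehavior, PacketSetMinToCopy and pcap_close are replaced by constructed stand-ins (fake_open_live, fake_set_loopback, fake_set_mintocopy, fake_close) so it compiles and runs without Packet.dll, and "eth0" is the only device the model knows. The flag bit values are as I remember them from WinPcap's remote-ext.h; for this model they only need to be distinct bits.

```c
/* Added example, not WinPcap's code: a model of the pcap_open flag path
 * with the NULL check the reported version lacked.  All pcap/Packet.dll
 * calls are constructed stand-ins. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PCAP_ERRBUF_SIZE 256
/* Flag bits as in remote-ext.h from memory; only distinctness matters here. */
#define PCAP_OPENFLAG_PROMISCUOUS        0x01
#define PCAP_OPENFLAG_NOCAPTURE_LOCAL    0x08
#define PCAP_OPENFLAG_MAX_RESPONSIVENESS 0x10
#define NPF_DISABLE_LOOPBACK             1

/* Constructed stand-ins for the adapter handle and pcap_t. */
typedef struct { int loopback; int mintocopy; } fake_adapter_t;
typedef struct { fake_adapter_t *adapter; } pcap_t;

/* Stand-in for pcap_open_live(): only "eth0" exists in this model.
 * Like the real call it returns NULL and fills errbuf on failure. */
static pcap_t *fake_open_live(const char *name, int snaplen, int promisc,
                              int to_ms, char *errbuf)
{
    (void)snaplen; (void)promisc; (void)to_ms;
    if (strcmp(name, "eth0") != 0) {
        snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error opening adapter: %s", name);
        return NULL;
    }
    pcap_t *fp = calloc(1, sizeof *fp);
    fp->adapter = calloc(1, sizeof *fp->adapter);
    return fp;
}

/* Stand-ins for the Packet.dll calls.  They dereference the adapter
 * just like the originals, so the caller must never pass NULL. */
static int fake_set_loopback(fake_adapter_t *a, int behavior)
{
    a->loopback = behavior;
    return 1;
}
static int fake_set_mintocopy(fake_adapter_t *a, int n)
{
    a->mintocopy = n;
    return 1;
}
static void fake_close(pcap_t *fp)
{
    if (fp) { free(fp->adapter); free(fp); }
}

/* Corrected open path: return as soon as the underlying open fails, so
 * the flag-dependent branches below never touch fp->adapter on NULL. */
pcap_t *safe_open(const char *name, int snaplen, int flags,
                  int read_timeout, char *errbuf)
{
    pcap_t *fp = fake_open_live(name, snaplen,
                                flags & PCAP_OPENFLAG_PROMISCUOUS,
                                read_timeout, errbuf);
    if (fp == NULL)
        return NULL;            /* the check the reported code lacked */

    if (flags & PCAP_OPENFLAG_NOCAPTURE_LOCAL) {
        if (!fake_set_loopback(fp->adapter, NPF_DISABLE_LOOPBACK)) {
            snprintf(errbuf, PCAP_ERRBUF_SIZE,
                     "Unable to disable the capture of loopback packets.");
            fake_close(fp);
            return NULL;
        }
    }
    if (flags & PCAP_OPENFLAG_MAX_RESPONSIVENESS) {
        if (!fake_set_mintocopy(fp->adapter, 0)) {
            snprintf(errbuf, PCAP_ERRBUF_SIZE,
                     "Unable to set max responsiveness.");
            fake_close(fp);
            return NULL;
        }
    }
    return fp;
}

/* Exercises the two conditions from the report (bad device name plus a
 * Windows-only flag) and the happy path.  Returns 1 if every check holds. */
int run_checks(void)
{
    char errbuf[PCAP_ERRBUF_SIZE] = {0};
    int both = PCAP_OPENFLAG_NOCAPTURE_LOCAL | PCAP_OPENFLAG_MAX_RESPONSIVENESS;
    int ok = 1;

    /* Formerly a crash: must now fail cleanly with the open error kept. */
    pcap_t *fp = safe_open("no-such-device", 65535, both, 1000, errbuf);
    ok &= (fp == NULL);
    ok &= (strstr(errbuf, "no-such-device") != NULL);

    /* Valid device with the same flags: opens and applies both settings. */
    fp = safe_open("eth0", 65535, both, 1000, errbuf);
    ok &= (fp != NULL);
    if (fp) {
        ok &= (fp->adapter->loopback == NPF_DISABLE_LOOPBACK);
        ok &= (fp->adapter->mintocopy == 0);
        fake_close(fp);
    }
    return ok;
}

int main(void)
{
    int ok = run_checks();
    printf("checks %s\n", ok ? "passed" : "FAILED");
    return ok ? 0 : 1;
}
```

Returning immediately on NULL is preferable to guarding each branch with `fp != NULL`, since it also keeps the error message pcap_open_live wrote into errbuf instead of overwriting it with a less specific one.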