[Winpcap-bugs] RE: Crash in pcap_open when using incorrect flag

Gianluca Varenni gianluca.varenni at cacetech.com
Fri Aug 10 17:14:46 GMT 2007


I just tried your code, and it doesn't crash at all on my machine if I use 
the new wpcap.dll I sent you yesterday.

Attached you can find the binary I used. Is it possible that your test 
application was loading the original wpcap.dll and not the one I sent you 
yesterday?

Can you please try the attached binary?

Thanks!
GV

----- Original Message ----- 
From: "Mark Bednarczyk" <voytechs at yahoo.com>
To: "'Gianluca Varenni'" <gianluca.varenni at cacetech.com>; 
<winpcap-bugs at winpcap.org>
Sent: Thursday, August 09, 2007 2:05 PM
Subject: RE: [Winpcap-bugs] RE: Crash in pcap_open when using incorrect flag


>I attached a small C++ program that I used to isolate this case.
>
> This is not normal behaviour to provide incorrect flags like this. jNetPcap
> is a java wrapper that forwards calls from java to native winpcap library.
> But I do test for incorrect usage of the API (from java side.) It's only by
> error that a user would supply this combination to cause a crash. Since this
> is run under Java VM it causes the entire Java VM to crash in a very nasty
> way. So it needs to be fixed. I already implemented a fix on my end and my
> wrapper catches this error before ever passing it on to pcap_open.
>
>
> And here is my wrapper's open method. Much more involved obviously, but you
> can see the fix I did in it to catch this:
>
>
> /*
>  * Class:     org_jnetpcap_winpcap_WinPcap
>  * Method:    open
>  * Signature: (Ljava/lang/String;IIILorg/jnetpcap/winpcap/WinPcapRmtAuth;Ljava/lang/StringBuilder;)Lorg/jnetpcap/winpcap/WinPcap;
>  */
> JNIEXPORT jobject JNICALL
> Java_org_jnetpcap_winpcap_WinPcap_open
> (JNIEnv *env, jclass clazz, jstring jsource, jint jsnaplen, jint jflags,
>  jint jtimeout, jobject jauth, jobject jerrbuf) {
>
>     if (jsource == NULL || jerrbuf == NULL) {
>         throwException(env, NULL_PTR_EXCEPTION, NULL);
>         return NULL;
>     }
>
>     char errbuf[PCAP_ERRBUF_SIZE];
>     errbuf[0] = '\0'; // Reset the buffer;
>
>     const char *source = env->GetStringUTFChars(jsource, 0);
>     if (source == NULL) {
>         return NULL; // OutOfMemoryError is already pending in the VM
>     }
>
> #ifndef DONT_FIX_WINPCAP_BUGS
>     /*
>      * 2007-08-09 - Mark Bednarczyk
>      * There is a bug in WinPcap where (flags & 8) == 8 or (flags & 16) == 16
>      * and the device name is wrong (pcap_open_live would fail), wpdpack
>      * doesn't catch it and crashes. We need to test for valid device name
>      * for IFLOCAL type ourselves.
>      */
>     char host[PCAP_BUF_SIZE], port[PCAP_BUF_SIZE], name[PCAP_BUF_SIZE];
>     int type = 0;
>     if (pcap_parsesrcstr(source, &type, host, port, name, errbuf) == -1) {
>         env->ReleaseStringUTFChars(jsource, source); // don't leak on the error path
>         setString(env, jerrbuf, errbuf); // Even if no error, could have warning msg
>         return NULL; // error already set in errbuf
>     }
>
>     if (type == PCAP_SRC_IFLOCAL) {
>         int flags = (int) jflags;
>         // Probe the device with pcap_open_live first; it fails cleanly on a bad name
>         pcap_t *temp = pcap_open_live(
>                 name,
>                 (int) jsnaplen,
>                 (flags & PCAP_OPENFLAG_PROMISCUOUS),
>                 (int) jtimeout,
>                 errbuf);
>
>         if (temp == NULL) {
>             env->ReleaseStringUTFChars(jsource, source);
>             setString(env, jerrbuf, errbuf); // Even if no error, could have warning msg
>             return NULL; // error already set in errbuf
>         } else {
>             pcap_close(temp); // Close it, and let the call pass through
>         }
>     }
> #endif
>
>     pcap_rmtauth buf;
>     pcap_rmtauth *auth = (jauth != NULL) ? getWinPcapRmtAuth(env, jauth, &buf) : NULL;
>
>     // Pass the converted auth through (it was computed but NULL was passed before)
>     pcap_t *p = pcap_open(source, (int) jsnaplen, (int) jflags, (int) jtimeout,
>             auth, errbuf);
>     setString(env, jerrbuf, errbuf); // Even if no error, could have warning msg
>     env->ReleaseStringUTFChars(jsource, source);
>
>     if (p == NULL) {
>         return NULL;
>     }
>
>     /*
>      * Use a no-arg constructor and initialize 'physical' field using
>      * special JNI privileges.
>      */
>     jobject obj = env->NewObject(clazz, winPcapConstructorMID);
>     setPhysical(env, obj, toLong(p));
>
>     return obj;
> }
>
>
> I have a wrapper function around all of the libpcap and winpcap calls.
>
> Javadoc:
> http://jnetpcap.sourceforge.net/docs/jnetpcap-1.0b3-javadoc/index.html
>
> Cheers,
> mark...
>
>> -----Original Message-----
>> From: Gianluca Varenni [mailto:gianluca.varenni at cacetech.com]
>> Sent: Thursday, August 09, 2007 4:50 PM
>> To: voytechs at yahoo.com; winpcap-bugs at winpcap.org
>> Subject: Re: [Winpcap-bugs] RE: Crash in pcap_open when using
>> incorrect flag
>>
>> Can you please send me a small application based on your java
>> wrapper that exploits this behavior?
>>
>> Thanks
>> GV
>>
>> ----- Original Message -----
>> From: "Mark Bednarczyk" <voytechs at yahoo.com>
>> To: "'Gianluca Varenni'" <gianluca.varenni at cacetech.com>;
>> <winpcap-bugs at winpcap.org>
>> Sent: Thursday, August 09, 2007 12:50 PM
>> Subject: RE: [Winpcap-bugs] RE: Crash in pcap_open when using
>> incorrect flag
>>
>>
>> >I still get a crash with the patched library when I set flag values 8
>> >or 16 and the device name is invalid in the source string.
>> >
>> > Cheers,
>> > mark...
>> >
>> >
>> > _______________________________________________
>> > Winpcap-bugs mailing list
>> > Winpcap-bugs at winpcap.org
>> > https://www.winpcap.org/mailman/listinfo/winpcap-bugs
>>
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: iflist.exe
Type: application/x-msdownload
Size: 65536 bytes
Desc: not available
Url : http://www.winpcap.org/pipermail/winpcap-bugs/attachments/20070810/db86a591/iflist-0001.bin

