[Winpcap-bugs] RE: Crash in pcap_open when using incorrect flag

Mark Bednarczyk voytechs at yahoo.com
Fri Aug 10 17:39:45 GMT 2007 

You are right it is working correctly. I've isolated the compiler and did it
from command line. Copied includes and the library into a test directory. My
build system must have been pulling in the other library, I tripple checked
the environment though before I made the assumption   that the patched lib
wasn't working.

That just shows you.

Thanks a bunch Gianluca.

Cheers,
mark...

> -----Original Message-----
> From: winpcap-bugs-bounces at winpcap.org 
> [mailto:winpcap-bugs-bounces at winpcap.org] On Behalf Of 
> Gianluca Varenni
> Sent: Friday, August 10, 2007 1:15 PM
> To: voytechs at yahoo.com; winpcap-bugs at winpcap.org
> Subject: Re: [Winpcap-bugs] RE: Crash in pcap_open when using 
> incorrect flag
> 
> I just tried your code, and it doesn't crash at all on my 
> machine if I use the new wpcap.dll I sent you yesterday.
> 
> Attached you can find the binary I used. Is it possible that 
> your test application was loading the original wpcap.dll and 
> not the one I sent you yesterday?
> 
> Can you please try the attached binary?
> 
> Thanks!
> GV
> 
> ----- Original Message -----
> From: "Mark Bednarczyk" <voytechs at yahoo.com>
> To: "'Gianluca Varenni'" <gianluca.varenni at cacetech.com>; 
> <winpcap-bugs at winpcap.org>
> Sent: Thursday, August 09, 2007 2:05 PM
> Subject: RE: [Winpcap-bugs] RE: Crash in pcap_open when using 
> incorrect flag
> 
> 
> >I attached a small C++ program that I used to isolate this case.
> >
> > This is not normal behaviour to provide incorrect flags like this. 
> > jNetPcap
> > is a java wrapper that forwards calls from java to native 
> winpcap library.
> > But I do test for incorrect usage of the API (from java side.) Its 
> > only by error would a user supply this combination to cause 
> a crash. 
> > Since this is run under Java VM it causes the entire Java 
> VM to crash 
> > in a very nasty way.
> > So it needs to be fixed. I already implemented a fix on my 
> end and my 
> > wrapper catches this error before ever passing it on to pcap_open.
> >
> >
> > And here is my wrapper's open method. Much more involved obviously, 
> > but you can see the fix I did in it to catch this:
> >
> >
> > /*
> > * Class:     org_jnetpcap_winpcap_WinPcap
> > * Method:    open
> > * Signature:
> > 
> (Ljava/lang/String;IIILorg/jnetpcap/winpcap/WinPcapRmtAuth;Lja
> va/lang/String
> > Builder;)Lorg/jnetpcap/winpcap/WinPcap;
> > */
> > JNIEXPORT jobject JNICALL
> > Java_org_jnetpcap_winpcap_WinPcap_open
> > (JNIEnv *env, jclass clazz, jstring jsource, jint jsnaplen, 
> jint jflags,
> > jint jtimeout, jobject jauth, jobject jerrbuf) {
> >
> > if (jsource == NULL || jerrbuf == NULL) {
> > throwException(env, NULL_PTR_EXCEPTION, NULL);
> > return NULL;
> > }
> >
> > char errbuf[PCAP_ERRBUF_SIZE];
> > errbuf[0] = '\0'; // Reset the buffer;
> >
> > char *source = (char *) env->GetStringUTFChars(jsource, 0);
> >
> > #ifndef DONT_FIX_WINPCAP_BUGS
> > /*
> > * 2007-08-09 - Mark Bednarczyk
> > * There is a bug in WinPcap where flags | 8 == 8 or flag | 16 == 16
> > and the
> > * device name is wrong (pcap_open_live would fail), wpdpack doesn't
> > catch
> > * it and crashes. We need to test for valid device name for IFLOCAL
> > type
> > * ourselves.
> > */
> > char host[PCAP_BUF_SIZE], port[PCAP_BUF_SIZE], name[PCAP_BUF_SIZE];
> > int type = 0;
> > if (pcap_parsesrcstr(source, &type, host, port, name, errbuf) == -1)
> > {
> > setString(env, jerrbuf, errbuf); // Even if no error, could
> > have warning msg
> > return NULL; // error already set in errbuf
> > }
> >
> > if (type == PCAP_SRC_IFLOCAL) {
> > int flags = (int) jflags;
> > pcap_t *temp = pcap_open_live(
> > name,
> > (int) jsnaplen,
> > (flags & PCAP_OPENFLAG_PROMISCUOUS),
> > (int) jtimeout,
> > errbuf);
> >
> > if (temp == NULL) {
> > env->ReleaseStringUTFChars(jsource, source);
> > setString(env, jerrbuf, errbuf); // Even if no
> > error, could have warning msg
> > return NULL; // error already set in errbuf
> > } else {
> > pcap_close(temp); // Close it, and let the call pass
> > through
> > }
> > }
> > #endif
> >
> > pcap_rmtauth buf;
> > pcap_rmtauth *auth = (jauth != NULL)?getWinPcapRmtAuth(env, jauth,
> > &buf):NULL;
> >
> > pcap_t * p = pcap_open(source, (int)jsnaplen, (int) jflags, (int)
> > jtimeout,
> > NULL, errbuf);
> > setString(env, jerrbuf, errbuf); // Even if no error, could have
> > warning msg
> > env->ReleaseStringUTFChars(jsource, source);
> >
> > if (p == NULL) {
> > return NULL;
> > }
> >
> > /*
> > * Use a no-arg constructor and initialize 'physical' field using
> > * special JNI priviledges.
> > */
> > jobject obj = env->NewObject(clazz, winPcapConstructorMID);
> > setPhysical(env, obj, toLong(p));
> >
> > return obj;
> > }
> >
> >
> > I have a wrapper function around all of the libpcap and 
> winpcap calls.
> >
> > Javadoc:
> > 
> http://jnetpcap.sourceforge.net/docs/jnetpcap-1.0b3-javadoc/index.html
> >
> > Cheers,
> > mark...
> >
> >> -----Original Message-----
> >> From: Gianluca Varenni [mailto:gianluca.varenni at cacetech.com]
> >> Sent: Thursday, August 09, 2007 4:50 PM
> >> To: voytechs at yahoo.com; winpcap-bugs at winpcap.org
> >> Subject: Re: [Winpcap-bugs] RE: Crash in pcap_open when using
> >> incorrect flag
> >>
> >> Can you please send me a small application based on your java
> >> wrapper that exploits this behavior?
> >>
> >> Thanks
> >> GV
> >>
> >> ----- Original Message -----
> >> From: "Mark Bednarczyk" <voytechs at yahoo.com>
> >> To: "'Gianluca Varenni'" <gianluca.varenni at cacetech.com>;
> >> <winpcap-bugs at winpcap.org>
> >> Sent: Thursday, August 09, 2007 12:50 PM
> >> Subject: RE: [Winpcap-bugs] RE: Crash in pcap_open when using
> >> incorrect flag
> >>
> >>
> >> >I still get a crash with the patched library when I set flag
> >> values 8
> >> >or 16  and the device name is invalid in the source string.
> >> >
> >> > Cheers,
> >> > mark...
> >> >
> >> >
> >> > _______________________________________________
> >> > Winpcap-bugs mailing list
> >> > Winpcap-bugs at winpcap.org
> >> > https://www.winpcap.org/mailman/listinfo/winpcap-bugs
> >>
> >
> 
> 
> --------------------------------------------------------------
> ------------------
> 
> 
> > _______________________________________________
> > Winpcap-bugs mailing list
> > Winpcap-bugs at winpcap.org
> > https://www.winpcap.org/mailman/listinfo/winpcap-bugs
> > 
>

More information about the Winpcap-bugs mailing list