[Winpcap-bugs] Re: WinPCap bugs
Sebastian Gottschalk
seppig_relay at gmx.de
Thu Feb 28 20:01:44 GMT 2008
Dear Sir or Madam,
I'm sorry to tell you that I've lost about a week of mails, thus I can only
reply to what I remember.
As for your question about the hypothetical integer overflow:
It may happen in the loop where all the Open->Buffer[i] get locked with a
spinlock, that is, if *Open+i*sizeof(OPEN_INSTANCE) overflows. Since 'i' is
limited by nCpu, this is clearly impossible to exploit.
For the FsContext problem, I took the wrong description: The problem might
be that opening the same device with different streams might share the same
FsContext pointer (because the device doesn't support streams), and thus it
may leak an OPEN_INSTANCE structure. The documentation is unclear about
this, but after some experimentation I found that this doesn't seem to be
the case.
However, I found another bug, this time in the installer: When the Network
Load Balancing protocol is installed, the installer writes some settings to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NLB.
This is obviously wrong; it should be the subkey NLBMPROV of the mentioned key
(which typically already contains the values the installer tries to write).
Sincerely,
Sebastian Gottschalk