[Winpcap-bugs] Re: WinPCap bugs
Gianluca Varenni
gianluca.varenni at cacetech.com
Thu Feb 28 23:51:08 GMT 2008
----- Original Message -----
From: "Sebastian Gottschalk" <seppig_relay at gmx.de>
To: <winpcap-bugs at winpcap.org>
Sent: Thursday, February 28, 2008 12:01 PM
Subject: [Winpcap-bugs] Re: WinPCap bugs
> Dear Sir or Madam,
>
> I'm sorry to tell you that I've lost about a week of mails, thus I can
> only reply to what I remember.
>
> As for your question about the hypothetical integer overflow:
> It may happen in the loop where all the Open->Buffer[i] get locked with a
> spinlock, that is, if *Open+i*sizeof(OPEN_INSTANCE) overflows. Since 'i'
> is limited by nCpu, this is clearly impossible to exploit.
>
> For the FsContext problem, I took the wrong description: The problem might
> be that opening the same device with different streams might share the
> same FsContext pointer (because the device doesn't support streams), and
> thus it may leak an OPEN_INSTANCE structure. The documentation is unclear
> about this, but after some experimentation I found that this doesn't seem
> to be the case.
>
> However, I found another bug, this time in the installer: When the Network
> Load Balancing protocol is installed, the installer writes some settings to
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NLB.
> This is obviously wrong, it should be the subkey NLBMPROV of the mentioned
> key (which typically already contains the values the installer tries to
> write).
>
Just a quick reply to this. WinPcap does NOT install the network load
balancer. It just installs Network Monitor (NetMon), if the OS supports it
and the installation files are available on the machine.
GV
> Sincerely,
> Sebastian Gottschalk