[Winpcap-bugs] Some more bpf_validate bugs
Gianluca Varenni
gianluca.varenni at cacetech.com
Thu Jan 3 19:28:13 GMT 2008
I've just applied the patch to the Windows NT win_bpf_filter (both HEAD and
4.0 branch) as well as the AirPcap / AirPcapN filtering code.
Wrt the win9x, that source is dead code; I applied it (HEAD only) but didn't
even try to compile it.
Thanks Guy!
Have a nice day
GV
----- Original Message -----
From: "Guy Harris" <guy at alum.mit.edu>
To: <winpcap-bugs at winpcap.org>
Sent: Tuesday, January 01, 2008 7:55 PM
Subject: [Winpcap-bugs] Some more bpf_validate bugs
> It turns out that there were two bugs in the original OpenBSD filter
> validation code, one that caused it to reject all filters that used
> multiply instructions, and another that caused it to reject all filters
> that used divide instructions.
>
> I've attached a patch file (with Windows line endings, some manually
> added - hopefully it'll apply correctly) to patch both the Windows 9x
> and Windows NT win_bpf_filter.c files with fixes for those bugs.
>
--------------------------------------------------------------------------------
> *** Packet9x/VXD/win_bpf_filter.c.dist Fri Dec 2 14:31:26 2005
> --- Packet9x/VXD/win_bpf_filter.c Tue Jan 1 19:49:42 2008
> ***************
> *** 695,700 ****
> --- 695,701 ----
> switch (BPF_OP(p->code)) {
> case BPF_ADD:
> case BPF_SUB:
> + case BPF_MUL:
> case BPF_OR:
> case BPF_AND:
> case BPF_LSH:
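
Review bot: The new `case BPF_MUL:` label in the list of accepted ALU operations has no regression test behind it. Since the validator rejected every filter with a multiply until this change, add a check that passes a filter containing a BPF_MUL instruction through bpf_validate and expects it to be accepted.
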
> ***************
> *** 707,712 ****
> --- 708,714 ----
> */
> if (BPF_RVAL(p->code) == BPF_K && p->k == 0)
> return 0;
> + break;
> default:
> return 0;
> }
>
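
Review bot: With the added `break;`, the only divide this case rejects is one with a constant zero divisor (`BPF_RVAL(p->code) == BPF_K && p->k == 0`); a divide that takes its operand from anywhere else now passes validation regardless of the value it will hold. Confirm that the filter interpreter guards against a zero divisor at run time, and state that in the comment above the check.
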
> *** packetNtx/driver/win_bpf_filter.c.dist Mon Nov 12 15:18:28 2007
> --- packetNtx/driver/win_bpf_filter.c Tue Jan 1 19:43:54 2008
> ***************
> *** 1084,1089 ****
> --- 1084,1090 ----
> switch (BPF_OP(p->code)) {
> case BPF_ADD:
> case BPF_SUB:
> + case BPF_MUL:
> case BPF_OR:
> case BPF_AND:
> case BPF_LSH:
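
Review bot: The `case BPF_MUL:` addition here repeats by hand the one made in Packet9x/VXD/win_bpf_filter.c, so the validator switch exists in at least two copies that must be patched in step. Consider building both drivers from one shared source for this function so a fix cannot land in one copy and miss the other.
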
> ***************
> *** 1096,1101 ****
> --- 1097,1103 ----
> */
> if (BPF_RVAL(p->code) == BPF_K && p->k == 0)
> return 0;
> + break;
> default:
> return 0;
> }
> ***************
> *** 1144,1147 ****
> }
> }
> return BPF_CLASS(f[len - 1].code) == BPF_RET;
> ! }
> \ No newline at end of file
> --- 1146,1149 ----
> }
> }
> return BPF_CLASS(f[len - 1].code) == BPF_RET;
> ! }
>
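
Review bot: The change to the closing `}` at the end of the file is whitespace only (the old side carries `\ No newline at end of file`) and is unrelated to the validator fix. Send it as a separate change so the functional patch stays minimal and is easier to apply to the other branches.
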
--------------------------------------------------------------------------------