[Winpcap-users] WinPCap driver BIOCSETOID / BIOCQUERYOID bug

"Fish" (David B. Trout) fish at infidels.org
Thu Jun 3 08:16:16 PDT 2010


WinPCap version: 4.1.1
Source member:   Packet.c
Function:        NPF_IoControl
Case:            BIOCSETOID / BIOCQUERYOID
Statement/line:  1532
Discussion:

The 'if' statement is enforcing the artificial restriction that the
DeviceIoControl caller's input and output buffers be the same size. As
currently designed the caller might as well pass the exact same buffer for
both input and the output.

This is silly.

DeviceIoControl has always supported completely separate input and output
buffers and thus completely different input and output buffer sizes.

The patch is attached.

PLEASE NOTE: the patch modifies BIOCSETOID / BIOCQUERYOID so that only the
object id (OID) needs to be passed [to WinPCap] in the input buffer (the
buffer size to be passed in the NDIS request is implied based on the sizes
of the input or output buffers passed to WinPCap) and thus DOES BREAK
EXISTING BIOCSETOID / BIOCQUERYOID CODE.

THEREFORE to be technically correct my "fix" should be considered as simply
illustrative of the way new [to be #defined] BIOCSETOID_EX / BIOCQUERYOID_EX
ioctls should behave only, and NOT an actual per se fix to existing code.
Rather, my patch defines how two new proposed as-yet-to-be-determined ioctl
codes should behave.

The idea here is all that a user needs to do to set/query an OID should be
as simple as:


  BYTE queryoidbuf[bufsiz];
  DWORD Oid = OID_WHATEVER;
  DeviceIoControl(handle, BIOCQUERYOID, &Oid, sizeof(Oid), queryoidbuf, bufsiz, ... );


and:


  BYTE setoidbuff[bufsiz];
  *((DWORD*)setoidbuff) = OID_WHATEVER;
  memcpy(&setoidbuff[sizeof(DWORD)], whatever, bufsiz - sizeof(DWORD));
  DeviceIoControl(handle, BIOCSETOID, setoidbuff, bufsiz, NULL, 0, ...);


Thanks for listening.

-- 
"Fish" (David B. Trout) 
 fish at softdevlabs.com


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: fish.winpcap.fix.patch.txt
Url: http://www.winpcap.org/pipermail/winpcap-users/attachments/20100603/f331df65/attachment.txt 
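The buffer layout the post proposes for the new _EX ioctls, as an added illustration that is not part of the post or of the attached patch: the caller side lays out the OID followed by the payload, and the driver side derives the OID and the NDIS request length from the input and output buffer sizes, rejecting an input buffer too short to hold the OID. The DWORD/BYTE typedefs, the function names and the error codes are assumptions so that it compiles outside the WDK.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef uint32_t DWORD;   /* stand-ins for the Windows types (assumption) */
typedef uint8_t  BYTE;

/* Hypothetical result codes for this example only. */
enum { OIDREQ_OK = 0, OIDREQ_TOO_SHORT = -1, OIDREQ_NO_ROOM = -2 };

/* Caller side: OID first, payload right after it, as in the post's setoidbuff sketch. */
int build_setoid_request(DWORD oid, const void *data, size_t datalen,
                         BYTE *buf, size_t bufsiz, size_t *used)
{
    if (bufsiz < sizeof(DWORD) + datalen) return OIDREQ_NO_ROOM;
    memcpy(buf, &oid, sizeof(DWORD));
    memcpy(buf + sizeof(DWORD), data, datalen);
    *used = sizeof(DWORD) + datalen;
    return OIDREQ_OK;
}

/* What a driver-side handler would derive from the two DeviceIoControl buffers. */
typedef struct {
    DWORD       oid;
    const BYTE *data;      /* payload to hand to NDIS for a set; NULL for a query */
    size_t      ndis_len;  /* length handed to the NDIS request */
} oid_request;

int parse_oid_request(int is_set, const BYTE *in, size_t inlen,
                      size_t outlen, oid_request *req)
{
    /* The input buffer comes from user mode: it must at least hold the OID. */
    if (in == NULL || inlen < sizeof(DWORD)) return OIDREQ_TOO_SHORT;
    memcpy(&req->oid, in, sizeof(DWORD));
    if (is_set) {
        req->data = in + sizeof(DWORD);
        req->ndis_len = inlen - sizeof(DWORD);   /* implied by the input buffer size */
    } else {
        req->data = NULL;
        req->ndis_len = outlen;                  /* implied by the output buffer size */
    }
    return OIDREQ_OK;
}
```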
