On Fri, 15 Oct 2004, Hannes Gredler wrote:
> shouldn't we have upper/lower boundary checks for
> such a buffer ?
>
> i.e. minbuffer 1.5K
> maxbuffer 128K
And if this is done, shouldn't we be doing some input validation?
The user might not even give a numeric value, much less positive one.
And think about the cases when tcpdump is setuid root, and run by
users. Seems like a potentially dangerous thing to do..
> On Thu, Oct 14, 2004 at 02:29:14PM -0400, Ed Maste wrote:
> | > I'll download one of the nightly tars and try out the
> | > environment variable idea.
> |
> | Here's my simple patch to allow an environment variable
> | PCAP_BUFSIZE to override the default initial buffer size.
> |
> | --- pcap-bpf.c Tue Oct 5 03:23:39 2004
> | +++ pcap-bpf.c.new Thu Oct 14 14:21:41 2004
> | @@ -578,6 +578,7 @@
> | u_int v;
> | pcap_t *p;
> | struct utsname osinfo;
> | + char *cp;
> |
> | #ifdef HAVE_DAG_API
> | if (strstr(device, "dag")) {
> | @@ -626,6 +627,8 @@
> | */
> | if ((ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) || v < 32768)
> | v = 32768;
> | + if ((cp = getenv("PCAP_BUFSIZE")))
> | + v = atoi(cp);
> | for ( ; v != 0; v >>= 1) {
> | /* Ignore the return value - this is because the call fails
> | * on BPF systems that don't have kernel malloc. And if
> | -
> | This is the tcpdump-workers list.
> | Visit https://lists.sandelman.ca/ to unsubscribe.
> |
> -
> This is the tcpdump-workers list.
> Visit https://lists.sandelman.ca/ to unsubscribe.
>
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
