On Fri, 15 Oct 2004, Hannes Gredler wrote:
> shouldn't we have upper/lower boundary checks for
> such a buffer ?
>
> i.e. minbuffer 1.5K
> maxbuffer 128K

And if this is done, shouldn't we be doing some input validation? The user might not even give a numeric value, much less a positive one. And think about the cases when tcpdump is setuid root, and run by users. Seems like a potentially dangerous thing to do..

> On Thu, Oct 14, 2004 at 02:29:14PM -0400, Ed Maste wrote:
> | > I'll download one of the nightly tars and try out the
> | > environment variable idea.
> |
> | Here's my simple patch to allow an environment variable
> | PCAP_BUFSIZE to override the default initial buffer size.
> |
> | --- pcap-bpf.c Tue Oct 5 03:23:39 2004 > | +++ pcap-bpf.c.new Thu Oct 14 14:21:41 2004 > | @@ -578,6 +578,7 @@ > | u_int v; > | pcap_t *p; > | struct utsname osinfo; > | + char *cp; > | > | #ifdef HAVE_DAG_API > | if (strstr(device, "dag")) { > | @@ -626,6 +627,8 @@ > | */ > | if ((ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) || v < 32768) > | v = 32768; > | + if ((cp = getenv("PCAP_BUFSIZE"))) > | + v = atoi(cp); > | for ( ; v != 0; v >>= 1) { > | /* Ignore the return value - this is because the call fails > | * on BPF systems that don't have kernel malloc. And if
> | -
> | This is the tcpdump-workers list.
> | Visit https://lists.sandelman.ca/ to unsubscribe.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
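
Review bot: In the second hunk (@@ -626,6 +627,8 @@), `v = atoi(cp);` stores an unvalidated environment string into the `u_int v`, and it also bypasses the `v < 32768` floor applied on the line just above. atoi() reports no errors: a non-numeric value yields 0, so the `for ( ; v != 0; v >>= 1)` loop body never runs, and a negative value converts to a very large unsigned size. Suggest parsing with strtoul() using an end pointer and an errno check, rejecting empty input and trailing characters, and keeping the previous value of `v` unless the result falls inside explicit lower and upper bounds. Since the thread raises setuid installs, the override should also be skipped when the real and effective IDs differ. A short comment next to the getenv() call documenting PCAP_BUFSIZE and its units would help as well.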
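
The checks asked for in this thread (numeric input, bounds, setuid), sketched as an added example that is not part of the original messages or of libpcap's code. The helper names `parse_bufsize` and `bufsize_from_env` are hypothetical, the bounds read Hannes's "1.5K" and "128K" as 1536 and 131072 bytes, and comparing real and effective IDs is one assumed way to detect a set-id process.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Bounds proposed in the thread (assumed exact values): 1.5K and 128K. */
#define BUFSIZE_MIN 1536UL
#define BUFSIZE_MAX (128UL * 1024UL)

/* Hypothetical helper: strict decimal parse with range check; 0 on success. */
static int
parse_bufsize(const char *s, unsigned int *out)
{
	char *end;
	unsigned long n;

	/* strtoul() skips whitespace and accepts a sign, so require a digit first. */
	if (s == NULL || *s < '0' || *s > '9')
		return -1;
	errno = 0;
	n = strtoul(s, &end, 10);
	if (errno != 0 || *end != '\0')		/* overflow or trailing junk */
		return -1;
	if (n < BUFSIZE_MIN || n > BUFSIZE_MAX)
		return -1;
	*out = (unsigned int)n;
	return 0;
}

/* Hypothetical helper: PCAP_BUFSIZE override, or dflt if unset/invalid/set-id. */
static unsigned int
bufsize_from_env(unsigned int dflt)
{
	const char *cp;
	unsigned int v;
	/* Ignore the environment when running with elevated (set-id) privileges. */
	if (getuid() != geteuid() || getgid() != getegid())
		return dflt;
	cp = getenv("PCAP_BUFSIZE");
	if (cp == NULL || parse_bufsize(cp, &v) != 0)
		return dflt;
	return v;
}

int main(void)
{
	printf("buffer size: %u\n", bufsize_from_env(32768));
	return 0;
}
```

On any rejected input the caller keeps its existing default instead of acting on a zero or wrapped value.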