[tcpdump-workers] pcap_offline_read() fix

Dug Song Sat, 27 Nov 2004 22:41:40 -0800

a program which changes the filter for its pcap handle at runtime with
pcap_compile/setfilter() will abort when operating on a savefile, due
to this dangling ptr reference in pcap_offline_read():


--- savefile.c- Thu Mar 11 18:46:14 2004
+++ savefile.c  Sun Nov 28 01:15:13 2004
@@ -906,7 +906,7 @@
 int
 pcap_offline_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 {
-       struct bpf_insn *fcode = p->fcode.bf_insns;
+       struct bpf_insn *fcode;
        int status = 0;
        int n = 0;
 
@@ -937,7 +937,7 @@
                        return (status);
                }
 
-               if (fcode == NULL ||
+               if ((fcode = p->fcode.bf_insns) == NULL ||
                    bpf_filter(fcode, p->buffer, h.len, h.caplen)) {
                        (*callback)(user, &h, p->buffer);
                        if (++n >= cnt && cnt > 0)

you might consider just getting rid of the fcode ptr altogether...

-d.

---
http://monkey.org/~dugsong/
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

[tcpdump-workers] pcap_offline_read() fix

Reply via email to