author | hopper-vul <hopper.vul@gmail.com> | 2022-12-21 14:34:59 +0800 |
---|---|---|
committer | Guy Harris <gharris@sonic.net> | 2022-12-21 12:32:01 -0800 |
commit | 93bd5547b660e446ef2b6d078263aed79efd595c (patch) | |
tree | c711d5b0ec5c16a453701cb21d8aa76e377a077c | |
parent | cbef667b5a272c4ed1dfe9e5dbda1e17996ea069 (diff) | |
download | libpcap-93bd5547b660e446ef2b6d078263aed79efd595c.tar.gz |
Fix two null pointer crashes of breakloop and can_set_rfmon
pcap_open_dead and pcap_fopen_offline have not initialized the breakloop_op and can_set_rfmon_op callbacks respectively,
so if pcap_breakloop() is called followed by pcap_open_dead(), or pcap_can_set_rfmon() is called followed by pcap_fopen_offline(),
a null function pointer crash will happen.
This commit adds two default implementation pcap_breakloop_dead and sf_cant_set_rfmon and uses them to initialize those two missed callbacks.
Signed-off-by: hopper-vul <hopper.vul@gmail.com>
(cherry picked from commit eae1a8597f0c88508b3f756c69daefc3dd814e99)
-rw-r--r-- | pcap.c | 9 | ||||
-rw-r--r-- | savefile.c | 11 |
2 files changed, 20 insertions, 0 deletions
@@ -4202,6 +4202,14 @@ pcap_read_dead(pcap_t *p, int cnt _U_, pcap_handler callback _U_,
 }
 
 static int
+pcap_breakloop_dead(pcap_t *p)
+{
+	snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+	    "A breakloop cannot be set on a pcap_open_dead pcap_t");
+	return (-1);
+}
+
+static int
 pcap_inject_dead(pcap_t *p, const void *buf _U_, int size _U_)
 {
 	snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
@@ -4414,6 +4422,7 @@ pcap_open_dead_with_tstamp_precision(int linktype, int snaplen, u_int precision)
 	p->live_dump_ended_op = pcap_live_dump_ended_dead;
 	p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead;
 #endif
+	p->breakloop_op = pcap_breakloop_dead;
 	p->cleanup_op = pcap_cleanup_dead;
 
 	/*
@@ -112,6 +112,16 @@ sf_setnonblock(pcap_t *p, int nonblock _U_)
 }
 
 static int
+sf_cant_set_rfmon(pcap_t *p _U_)
+{
+	/*
+	 * This is a savefile, not a live capture file, so never say
+	 * it's monitor mode.
+	 */
+	return (0);
+}
+
+static int
 sf_stats(pcap_t *p, struct pcap_stat *ps _U_)
 {
 	snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
@@ -551,6 +561,7 @@ found:
 	p->selectable_fd = fileno(fp);
 #endif
 
+	p->can_set_rfmon_op = sf_cant_set_rfmon;
 	p->read_op = pcap_offline_read;
 	p->inject_op = sf_inject;
 	p->setfilter_op = install_bpf_program; |
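Review bot: pcap_breakloop_dead() in the first hunk is declared to return int and writes an error message into p->errbuf, but pcap_breakloop() is a void API, and if breakloop_op is (as I believe) declared as `void (*)(pcap_t *)`, the -1 is never seen by any caller, the errbuf text is never reported, and the assignment `p->breakloop_op = pcap_breakloop_dead;` in the second hunk will draw an incompatible-pointer-type warning. A dead pcap_t has no capture loop to break out of, so the callback can simply be a no-op with a matching signature: `static void pcap_breakloop_dead(pcap_t *p _U_) { /* no capture loop to break out of on a dead pcap_t */ }`. That also avoids calling snprintf from a path that callers may reasonably expect to be cheap and side-effect free.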
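Review bot: The comment in sf_cant_set_rfmon() in the third hunk contrasts a savefile with a "live capture file", which reads oddly because the alternative to a savefile is a live capture on a device, not another file; suggest `* This is a savefile, not a live capture, so never say`. It would also help a reader to state that the 0 return means "monitor mode cannot be set" rather than an error, since callers of pcap_can_set_rfmon() distinguish 0 from a negative error code, e.g. `* it's monitor mode; 0 means "not supported", not an error.`.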