From c60ebf10efd105d149f7c2d3eb15dec38af45001 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Wed, 26 Jan 2022 15:00:26 -0800 Subject: Make sure no read routine process more than INT_MAX packets. Some read routines don't read a single bufferful of packets and process just those packets; if packets continue to be made available, they could conceivably process an arbitrary number of packets. That would mean that the packet count overflows; either that makes it look like a negative number, making it look as if an error occurred, or makes it look like a too-small positive number. This can't be fixed by making the count 64-bit, as it ultimately gets returned by pcap_dispatch(), which is defined to return an int. Instead, if the maximum packet count argument to those routines is a value that means "no maximum", we set the maximum to INT_MAX. Those routines are *not* defined to loop forever, so this isn't an issue. This should fix issue #1087. --- pcap-bpf.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'pcap-bpf.c') diff --git a/pcap-bpf.c b/pcap-bpf.c index 836e7d00..c9967ee0 100644 --- a/pcap-bpf.c +++ b/pcap-bpf.c @@ -1177,6 +1177,9 @@ pcap_read_bpf(pcap_t *p, int cnt, pcap_handler callback, u_char *user) /* * Loop through each packet. + * + * This assumes that a single buffer of packets will have + * <= INT_MAX packets, so the packet count doesn't overflow. */ #ifdef BIOCSTSTAMP #define bhp ((struct bpf_xhdr *)bp) -- cgit v1.2.1