Fix a problem that shows up with a max packet count passed to pcap_dispatch().
If the last record read in by a read() from a BPF device isn't a multiple of the alignment value for BPF_WORDALIGN(), we could increment bp past ep; handle that case. While we're at it, properly set p->bp and p->cc in the case where we break out of the loop due to a pcap_breakloop() call.
This commit is contained in:
parent
7f1c9ba7ad
commit
b26d8d2aa8
27
pcap-bpf.c
27
pcap-bpf.c
|
@ -955,14 +955,28 @@ pcap_read_bpf(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
|
||||||
* processed so far.
|
* processed so far.
|
||||||
*/
|
*/
|
||||||
if (p->break_loop) {
|
if (p->break_loop) {
|
||||||
|
p->bp = bp;
|
||||||
|
p->cc = ep - bp;
|
||||||
|
/*
|
||||||
|
* ep is set based on the return value of read(),
|
||||||
|
* but read() from a BPF device doesn't necessarily
|
||||||
|
* return a value that's a multiple of the alignment
|
||||||
|
* value for BPF_WORDALIGN(). However, whenever we
|
||||||
|
* increment bp, we round up the increment value by
|
||||||
|
* a value rounded up by BPF_WORDALIGN(), so we
|
||||||
|
* could increment bp past ep after processing the
|
||||||
|
* last packet in the buffer.
|
||||||
|
*
|
||||||
|
* We treat ep < bp as an indication that this
|
||||||
|
* happened, and just set p->cc to 0.
|
||||||
|
*/
|
||||||
|
if (p->cc < 0)
|
||||||
|
p->cc = 0;
|
||||||
if (n == 0) {
|
if (n == 0) {
|
||||||
p->break_loop = 0;
|
p->break_loop = 0;
|
||||||
return (PCAP_ERROR_BREAK);
|
return (PCAP_ERROR_BREAK);
|
||||||
} else {
|
} else
|
||||||
p->bp = bp;
|
|
||||||
p->cc = ep - bp;
|
|
||||||
return (n);
|
return (n);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
caplen = bhp->bh_caplen;
|
caplen = bhp->bh_caplen;
|
||||||
|
@ -1014,6 +1028,11 @@ pcap_read_bpf(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
|
||||||
if (++n >= cnt && cnt > 0) {
|
if (++n >= cnt && cnt > 0) {
|
||||||
p->bp = bp;
|
p->bp = bp;
|
||||||
p->cc = ep - bp;
|
p->cc = ep - bp;
|
||||||
|
/*
|
||||||
|
* See comment above about p->cc < 0.
|
||||||
|
*/
|
||||||
|
if (p->cc < 0)
|
||||||
|
p->cc = 0;
|
||||||
return (n);
|
return (n);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
Reference in New Issue