Frederic Heem:

Fix some memleaks and overflows.

I haven't committed the changes that are not bug fixes.

svn path=/trunk/; revision=19777

capture-pcap-util.c

@@ -296,6 +296,7 @@ free_if_cb(gpointer data, gpointer user_data _U_)
 
 	g_slist_foreach(if_info->ip_addr, free_if_info_addr_cb, NULL);
 	g_slist_free(if_info->ip_addr);
+	g_free(if_info);
 }
 
 void

capture_loop.c

@@ -244,6 +244,13 @@ cap_pipe_open_live(char *pipename, struct pcap_hdr *hdr, loop_data *ld,
   unsigned int bytes_read;
 
   g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "cap_pipe_open_live: %s", pipename);
+  
+  if(pipename == NULL){
+    g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_WARNING, "cap_pipe_open_live: pipe name is NULL");
+    g_snprintf(errmsg, errmsgl,
+               "The capture session could not be initiated because the pipe is not valid, maybe lack of privileges?");
+    return -1;
+  }
 
   /*
    * XXX (T)Wireshark blocks until we return
@@ -799,14 +806,19 @@ static void capture_loop_close_input(loop_data *ld) {
   if (ld->cap_pipe_fd >= 0) {
     g_assert(ld->from_cap_pipe);
     eth_close(ld->cap_pipe_fd);
+    ld->cap_pipe_fd = 0;
   }
 
   /* if open, close the pcap "input file" */
   if(ld->pcap_h != NULL) {
+    g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_close_input: closing %p", ld->pcap_h);
     g_assert(!ld->from_cap_pipe);
     pcap_close(ld->pcap_h);
+    ld->pcap_h = NULL;
   }
 
+  ld->go = FALSE;
+  
 #ifdef _WIN32
   /* Shut down windows sockets */
   WSACleanup();
@@ -1020,6 +1032,8 @@ capture_loop_dispatch(capture_options *capture_opts _U_, loop_data *ld,
 #ifdef LOG_CAPTURE_VERBOSE
       g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, "capture_loop_dispatch: from pcap_dispatch");
 #endif
+      if(ld->pcap_h){
+       /* libpcap crashed when the pcap handle is NULL!!*/
 #ifdef _WIN32
       /*
        * On Windows, we don't support asynchronously telling a process to
@@ -1031,6 +1045,9 @@ capture_loop_dispatch(capture_options *capture_opts _U_, loop_data *ld,
 #else
       inpkts = pcap_dispatch(ld->pcap_h, -1, ld->packet_cb, (u_char *) ld);
 #endif
+     } else {
+        inpkts = -1;
+      }
       if (inpkts < 0) {
         if (inpkts == -1) {
           /* Error, rather than pcap_breakloop(). */
@@ -1206,10 +1223,14 @@ capture_loop_start(capture_options *capture_opts, gboolean *stats_known, struct
   gboolean    write_ok;
   gboolean    close_ok;
   gboolean    cfilter_error = FALSE;
-  char        errmsg[4096+1];
-  char        secondary_errmsg[4096+1];
+#define MSG_MAX_LENGTH 4096+1
+  char        errmsg[MSG_MAX_LENGTH] = "";
+  char        secondary_errmsg[MSG_MAX_LENGTH] = "";
   int         save_file_fd = -1;
 
+  if(capture_opts == NULL){
+    return FALSE;
+  }
 
   /* init the loop data */
   ld.go                 = TRUE;
@@ -1561,6 +1582,7 @@ error:
     if(capture_opts->save_file != NULL) {
       eth_unlink(capture_opts->save_file);
       g_free(capture_opts->save_file);
+	  capture_opts->save_file = NULL;
     }
   }
   capture_opts->save_file = NULL;

capture_opts.c

@@ -330,6 +330,7 @@ capture_opts_add_opt(capture_options *capture_opts, int opt, const char *optarg,
             return 1;
         }
         capture_opts->has_cfilter = TRUE;
+        g_free(capture_opts->cfilter);
         capture_opts->cfilter = g_strdup(optarg);
         break;
     case 'H':        /* Hide capture info dialog box */
@@ -361,6 +362,7 @@ capture_opts_add_opt(capture_options *capture_opts, int opt, const char *optarg,
         break;
     case 'w':        /* Write to capture file x */
         capture_opts->saving_to_file = TRUE;
+        g_free(capture_opts->save_file);
 #if defined _WIN32 && (GLIB_MAJOR_VERSION > 2 || (GLIB_MAJOR_VERSION == 2 && GLIB_MINOR_VERSION >= 6))
         /* since GLib 2.6, we need to convert filenames to utf8 for Win32 */
         capture_opts->save_file = g_locale_to_utf8(optarg, -1, NULL, NULL, NULL);

dumpcap.c

@@ -25,6 +25,7 @@
 # include "config.h"
 #endif
 
+#include <stdlib.h> /* for exit() */
 #include <glib.h>
 
 #include <string.h>
@@ -232,8 +233,6 @@ main(int argc, char *argv[])
   int                  opt;
   extern char         *optarg;
   gboolean             arg_error = FALSE;
-  GString             *comp_info_str;
-  GString             *runtime_info_str;
 
 #ifdef _WIN32
   WSADATA              wsaData;
@@ -272,13 +271,6 @@ main(int argc, char *argv[])
   SetConsoleCtrlHandler(&ConsoleCtrlHandlerRoutine, TRUE);
 #endif  /* _WIN32 */
 
-  /* Assemble the compile-time version information string */
-  comp_info_str = g_string_new("Compiled ");
-  get_compiled_version_info(comp_info_str, NULL);
-
-  /* Assemble the run-time version information string */
-  runtime_info_str = g_string_new("Running ");
-  get_runtime_version_info(runtime_info_str, NULL);
 
   /* the default_log_handler will use stdout, which makes trouble in */
   /* capture child mode, as it uses stdout for it's sync_pipe */
@@ -325,9 +317,22 @@ main(int argc, char *argv[])
         exit_main(0);
         break;
       case 'v':        /* Show version and exit */
+      {
+        GString             *comp_info_str;
+        GString             *runtime_info_str;
+        /* Assemble the compile-time version information string */
+        comp_info_str = g_string_new("Compiled with ");
+        get_compiled_version_info(comp_info_str, NULL);
+
+        /* Assemble the run-time version information string */
+        runtime_info_str = g_string_new("Running ");
+        get_runtime_version_info(runtime_info_str, NULL);		
         show_version(comp_info_str, runtime_info_str);
+        g_string_free(comp_info_str, TRUE);
+        g_string_free(runtime_info_str, TRUE);
         exit_main(0);
         break;
+      }
       /*** capture option specific ***/
       case 'a':        /* autostop criteria */
       case 'b':        /* Ringbuffer option */