diff options
| author | fenner <fenner@FreeBSD.org> | 1997-05-27 00:01:12 +0000 |
|---|---|---|
| committer | fenner <fenner@FreeBSD.org> | 1997-05-27 00:01:12 +0000 |
| commit | 737558aa98d3b86de65ff8e1fd0fe39d5debcde7 (patch) | |
| tree | de061620aa05599ec749d528046e58091ef80529 /contrib/libpcap/savefile.c | |
| parent | 498933506f435a155849919ee10bbdbc9ad42caa (diff) | |
| download | FreeBSD-src-737558aa98d3b86de65ff8e1fd0fe39d5debcde7.zip FreeBSD-src-737558aa98d3b86de65ff8e1fd0fe39d5debcde7.tar.gz | |
Virgin import of libpcap 0.3
Diffstat (limited to 'contrib/libpcap/savefile.c')
| -rw-r--r-- | contrib/libpcap/savefile.c | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/contrib/libpcap/savefile.c b/contrib/libpcap/savefile.c index b9021c0..a346ac8 100644 --- a/contrib/libpcap/savefile.c +++ b/contrib/libpcap/savefile.c @@ -17,13 +17,7 @@ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. - */ -#ifndef lint -static char rcsid[] = - "@(#)$Header: savefile.c,v 1.30 96/07/15 00:48:52 leres Exp $ (LBL)"; -#endif - -/* + * * savefile.c - supports offline use of tcpdump * Extraction/creation by Jeffrey Mogul, DECWRL * Modified by Steve McCanne, LBL. @@ -34,6 +28,11 @@ static char rcsid[] = * dependent values so we can print the dump file on any architecture. */ +#ifndef lint +static const char rcsid[] = + "@(#) $Header: savefile.c,v 1.36 96/12/10 23:15:02 leres Exp $ (LBL)"; +#endif + #include <sys/types.h> #include <sys/time.h> @@ -65,7 +64,7 @@ static char rcsid[] = #define SWAPLONG(y) \ ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) #define SWAPSHORT(y) \ - ( (((y)&0xff)<<8) | (((y)&0xff00)>>8) ) + ( (((y)&0xff)<<8) | ((u_short)((y)&0xff00)>>8) ) #define SFERR_TRUNC 1 #define SFERR_BADVERSION 2 @@ -233,12 +232,17 @@ sf_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char *buf, int buflen) static u_char *tp = NULL; static int tsize = 0; + if (hdr->caplen > 65535) { + sprintf(p->errbuf, "bogus savefile header"); + return (-1); + } if (tsize < hdr->caplen) { tsize = ((hdr->caplen + 1023) / 1024) * 1024; if (tp != NULL) free((u_char *)tp); tp = (u_char *)malloc(tsize); if (tp == NULL) { + tsize = 0; sprintf(p->errbuf, "BUFMOD hack malloc"); return (-1); } @@ -247,6 +251,14 @@ sf_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char *buf, int buflen) sprintf(p->errbuf, "truncated dump file"); return (-1); } + /* + * We can only keep up to buflen bytes. Since caplen > buflen + * is exactly how we got here, we know we can only keep the + * first buflen bytes and must drop the remainder. Adjust + * caplen accordingly, so we don't get confused later as + * to how many bytes we have to play with. + */ + hdr->caplen = buflen; memcpy((char *)buf, (char *)tp, buflen); } else { |
