Fix a bug in the handling of cases where we got a short (or zero)
capture. Zero length captures caused an infinte loop and short captures probably caused memory corruption and a crash. Reported by: many MFC After: 3 days
This commit is contained in:
parent
fd95fd457f
commit
4eae015de1
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=148451
@ -316,19 +316,19 @@ receive_packet(struct interface_info *interface, unsigned char *buf,
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Skip over the BPF header... */
|
||||
interface->rbuf_offset += hdr.bh_hdrlen;
|
||||
|
||||
/*
|
||||
* If the captured data wasn't the whole packet, or if
|
||||
* the packet won't fit in the input buffer, all we can
|
||||
* do is drop it.
|
||||
*/
|
||||
if (hdr.bh_caplen != hdr.bh_datalen) {
|
||||
interface->rbuf_offset += hdr.bh_hdrlen = hdr.bh_caplen;
|
||||
interface->rbuf_offset += hdr.bh_caplen;
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Skip over the BPF header... */
|
||||
interface->rbuf_offset += hdr.bh_hdrlen;
|
||||
|
||||
/* Decode the physical header... */
|
||||
offset = decode_hw_header(interface->rbuf,
|
||||
interface->rbuf_offset, hfrom);
|
||||
|
Loading…
Reference in New Issue
Block a user