]> The Tcpdump Group git mirrors - libpcap/blobdiff - rpcapd/daemon.c
projects / libpcap / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Update config.{guess,sub}, timestamps 2023-01-01,2023-01-21
[libpcap] / rpcapd / daemon.c
diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
index cc56d1a2303af2724f60353e31c4aa2967927351..9b0f828515267822a9712fd7d09a0d28070cd2c4 100644 (file)
--- a/rpcapd/daemon.c
+++ b/rpcapd/daemon.c
@@ -70,16 +70,33 @@
 #include "sslutils.h"
 #endif
 
 #include "sslutils.h"
 #endif
 
-#define RPCAP_TIMEOUT_INIT 90          /* Initial timeout for RPCAP connections (default: 90 sec) */
-#define RPCAP_TIMEOUT_RUNTIME 180      /* Run-time timeout for RPCAP connections (default: 3 min) */
-#define RPCAP_SUSPEND_WRONGAUTH 1      /* If the authentication is wrong, stops 1 sec before accepting a new auth message */
+//
+// Timeout, in seconds, when we're waiting for a client to send us an
+// authentication request; if they don't send us a request within that
+// interval, we drop the connection, so we don't stay stuck forever.
+//
+#define RPCAP_TIMEOUT_INIT 90
+
+//
+// Timeout, in seconds, when we're waiting for an authenticated client
+// to send us a request, if a capture isn't in progress; if they don't
+// send us a request within that interval, we drop the connection, so
+// we don't stay stuck forever.
+//
+#define RPCAP_TIMEOUT_RUNTIME 180
+
+//
+// Time, in seconds, that we wait after a failed authentication attempt
+// before processing the next request; this prevents a client from
+// rapidly trying different accounts or passwords.
+//
+#define RPCAP_SUSPEND_WRONGAUTH 1
 
 // Parameters for the service loop.
 struct daemon_slpars
 {
        SOCKET sockctrl;        //!< SOCKET ID of the control connection
        SSL *ssl;               //!< Optional SSL handler for the controlling sockets
 
 // Parameters for the service loop.
 struct daemon_slpars
 {
        SOCKET sockctrl;        //!< SOCKET ID of the control connection
        SSL *ssl;               //!< Optional SSL handler for the controlling sockets
-       uint8 protocol_version; //!< negotiated protocol version
        int isactive;           //!< Not null if the daemon has to run in active mode
        int nullAuthAllowed;    //!< '1' if we permit NULL authentication, '0' otherwise
 };
        int isactive;           //!< Not null if the daemon has to run in active mode
        int nullAuthAllowed;    //!< '1' if we permit NULL authentication, '0' otherwise
 };
@@ -112,18 +129,27 @@ static int daemon_msg_err(SOCKET sockctrl, SSL *, uint32 plen);
 static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen);
 static int daemon_AuthUserPwd(char *username, char *password, char *errbuf);
 
 static int daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen);
 static int daemon_AuthUserPwd(char *username, char *password, char *errbuf);
 
-static int daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen);
+static int daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars,
+    uint32 plen);
 
 
-static int daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_t sourcelen);
-static int daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, char *source, struct session **sessionp, struct rpcap_sampling *samp_param, int uses_ssl);
-static int daemon_msg_endcap_req(struct daemon_slpars *pars, struct session *session);
+static int daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars,
+    uint32 plen, char *source, size_t sourcelen);
+static int daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars,
+    uint32 plen, char *source, struct session **sessionp,
+    struct rpcap_sampling *samp_param, int uses_ssl);
+static int daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
+    struct session *session);
 
 
-static int daemon_msg_updatefilter_req(struct daemon_slpars *pars, struct session *session, uint32 plen);
+static int daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
+    struct session *session, uint32 plen);
 static int daemon_unpackapplyfilter(SOCKET sockctrl, SSL *, struct session *session, uint32 *plenp, char *errbuf);
 
 static int daemon_unpackapplyfilter(SOCKET sockctrl, SSL *, struct session *session, uint32 *plenp, char *errbuf);
 
-static int daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32 plen, struct pcap_stat *stats, unsigned int svrcapt);
+static int daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
+    struct session *session, uint32 plen, struct pcap_stat *stats,
+    unsigned int svrcapt);
 
 
-static int daemon_msg_setsampling_req(struct daemon_slpars *pars, uint32 plen, struct rpcap_sampling *samp_param);
+static int daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars,
+    uint32 plen, struct rpcap_sampling *samp_param);
 
 static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout);
 #ifdef _WIN32
 
 static void daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *sockaddrout);
 #ifdef _WIN32
@@ -138,10 +164,59 @@ static int rpcapd_recv(SOCKET sock, SSL *, char *buffer, size_t toread, uint32 *
 static int rpcapd_discard(SOCKET sock, SSL *, uint32 len);
 static void session_close(struct session *);
 
 static int rpcapd_discard(SOCKET sock, SSL *, uint32 len);
 static void session_close(struct session *);
 
+//
+// TLS record layer header; used when processing the first message from
+// the client, in case we aren't doing TLS but they are.
+//
+struct tls_record_header {
+       uint8 type;             // ContentType - will be 22, for Handshake
+       uint8 version_major;    // TLS protocol major version
+       uint8 version_injor;    // TLS protocol minor version
+       // This is *not* aligned on a 2-byte boundary; we just
+       // declare it as two bytes.  Don't assume any particular
+       // compiler's mechanism for saying "packed"!
+       uint8 length_hi;        // Upper 8 bits of payload length
+       uint8 length_lo;        // Low 8 bits of payload length
+};
+
+#define TLS_RECORD_HEADER_LEN  5       // Don't use sizeof in case it's padded
+
+#define TLS_RECORD_TYPE_ALERT          21
+#define TLS_RECORD_TYPE_HANDSHAKE      22
+
+//
+// TLS alert message.
+//
+struct tls_alert {
+       uint8 alert_level;
+       uint8 alert_description;
+};
+
+#define TLS_ALERT_LEN                  2
+
+#define TLS_ALERT_LEVEL_FATAL          2
+#define TLS_ALERT_HANDSHAKE_FAILURE    40
+
+static int is_url(const char *source);
+
+/*
+ * Maximum sizes for fixed-bit-width values.
+ */
+#ifndef UINT16_MAX
+#define UINT16_MAX     65535U
+#endif
+
+#ifndef UINT32_MAX
+#define UINT32_MAX     4294967295U
+#endif
+
 int
 daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
     int nullAuthAllowed, int uses_ssl)
 {
 int
 daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
     int nullAuthAllowed, int uses_ssl)
 {
+       uint8 first_octet;
+       struct tls_record_header tls_header;
+       struct tls_alert tls_alert;
        struct daemon_slpars pars;              // service loop parameters
        char errbuf[PCAP_ERRBUF_SIZE + 1];      // keeps the error string, prior to be printed
        char errmsgbuf[PCAP_ERRBUF_SIZE + 1];   // buffer for errors to send to the client
        struct daemon_slpars pars;              // service loop parameters
        char errbuf[PCAP_ERRBUF_SIZE + 1];      // keeps the error string, prior to be printed
        char errmsgbuf[PCAP_ERRBUF_SIZE + 1];   // buffer for errors to send to the client
@@ -173,6 +248,32 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
 
        *errbuf = 0;    // Initialize errbuf
 
 
        *errbuf = 0;    // Initialize errbuf
 
+       //
+       // Peek into the socket to determine whether the client sent us
+       // a TLS handshake message or a non-TLS rpcapd message.
+       //
+       // The first byte of an rpcapd request is the version number;
+       // the first byte of a TLS handshake message is 22.  The
+       // first request to an rpcapd server must be an authentication
+       // request or a close request, and must have a version number
+       // of 0, so it will be possible to distinguish between an
+       // initial plaintext request to a server and an initial TLS
+       // handshake message.
+       //
+       nrecv = sock_recv(sockctrl, NULL, (char *)&first_octet, 1,
+           SOCK_EOF_ISNT_ERROR|SOCK_MSG_PEEK, errbuf, PCAP_ERRBUF_SIZE);
+       if (nrecv == -1)
+       {
+               // Fatal error.
+               rpcapd_log(LOGPRIO_ERROR, "Peek from client failed: %s", errbuf);
+               goto end;
+       }
+       if (nrecv == 0)
+       {
+               // Client closed the connection.
+               goto end;
+       }
+
 #ifdef HAVE_OPENSSL
        //
        // We have to upgrade to TLS as soon as possible, so that the
 #ifdef HAVE_OPENSSL
        //
        // We have to upgrade to TLS as soon as possible, so that the
@@ -185,6 +286,56 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
        //
        if (uses_ssl)
        {
        //
        if (uses_ssl)
        {
+               //
+               // We're expecting a TLS handshake message.  If this
+               // isn't one, assume it's a non-TLS rpcapd message.
+               //
+               // The first octet of a TLS handshake is
+               // TLS_RECORD_TYPE_HANDSHAKE.
+               //
+               if (first_octet != TLS_RECORD_TYPE_HANDSHAKE)
+               {
+                       //
+                       // We assume this is a non-TLS rpcapd message.
+                       //
+                       // Read the message header from the client.
+                       //
+                       nrecv = rpcapd_recv_msg_header(sockctrl, NULL, &header);
+                       if (nrecv == -1)
+                       {
+                               // Fatal error.
+                               goto end;
+                       }
+                       if (nrecv == -2)
+                       {
+                               // Client closed the connection.
+                               goto end;
+                       }
+                       plen = header.plen;
+
+                       // Discard the rest of the message.
+                       if (rpcapd_discard(sockctrl, NULL, plen) == -1)
+                       {
+                               // Network error.
+                               goto end;
+                       }
+
+                       //
+                       // Send an authentication error, indicating
+                       // that we require TLS.
+                       //
+                       if (rpcap_senderror(sockctrl, NULL, header.ver,
+                           PCAP_ERR_TLS_REQUIRED,
+                           "TLS is required by this server", errbuf) == -1)
+                       {
+                               // That failed; log a message and give up.
+                               rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+                               goto end;
+                       }
+
+                       // Shut the session down.
+                       goto end;
+               }
                ssl = ssl_promotion(1, sockctrl, errbuf, PCAP_ERRBUF_SIZE);
                if (! ssl)
                {
                ssl = ssl_promotion(1, sockctrl, errbuf, PCAP_ERRBUF_SIZE);
                if (! ssl)
                {
@@ -193,12 +344,81 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                        goto end;
                }
        }
                        goto end;
                }
        }
+       else
 #endif
 #endif
+       {
+               //
+               // We're expecting a non-TLS rpcapd message.  If this
+               // looks, instead, like a TLS handshake message, send
+               // a TLS handshake_failed alert.
+               //
+               // The first octet of a TLS handshake is
+               // TLS_RECORD_TYPE_HANDSHAKE.
+               //
+               if (first_octet == TLS_RECORD_TYPE_HANDSHAKE)
+               {
+                       //
+                       // TLS handshake.
+                       // Read the record header.
+                       //
+                       nrecv = sock_recv(sockctrl, ssl, (char *) &tls_header,
+                           sizeof tls_header, SOCK_RECEIVEALL_YES|SOCK_EOF_ISNT_ERROR,
+                           errbuf, PCAP_ERRBUF_SIZE);
+                       if (nrecv == -1)
+                       {
+                               // Network error.
+                               rpcapd_log(LOGPRIO_ERROR, "Read from client failed: %s", errbuf);
+                               goto end;
+                       }
+                       if (nrecv == 0)
+                       {
+                               // Immediate EOF
+                               goto end;
+                       }
+                       plen = (tls_header.length_hi << 8U) | tls_header.length_lo;
+
+                       // Discard the rest of the message.
+                       if (rpcapd_discard(sockctrl, NULL, plen) == -1)
+                       {
+                               // Network error.
+                               goto end;
+                       }
+
+                       //
+                       // Send a TLS handshake failure alert.
+                       // Use the same version the client sent us.
+                       //
+                       tls_header.type = TLS_RECORD_TYPE_ALERT;
+                       tls_header.length_hi = 0;
+                       tls_header.length_lo = TLS_ALERT_LEN;
+
+                       if (sock_send(sockctrl, NULL, (char *) &tls_header,
+                           TLS_RECORD_HEADER_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
+                       {
+                               // That failed; log a message and give up.
+                               rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+                               goto end;
+                       }
+
+                       tls_alert.alert_level = TLS_ALERT_LEVEL_FATAL;
+                       tls_alert.alert_description = TLS_ALERT_HANDSHAKE_FAILURE;
+                       if (sock_send(sockctrl, NULL, (char *) &tls_alert,
+                           TLS_ALERT_LEN, errbuf, PCAP_ERRBUF_SIZE) == -1)
+                       {
+                               // That failed; log a message and give up.
+                               rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+                               goto end;
+                       }
+                       //
+                       // Give up anyway.
+                       //
+                       goto end;
+               }
+       }
 
        // Set parameters structure
        pars.sockctrl = sockctrl;
        pars.ssl = ssl;
 
        // Set parameters structure
        pars.sockctrl = sockctrl;
        pars.ssl = ssl;
-       pars.protocol_version = 0;              // not yet known
        pars.isactive = isactive;               // active mode
        pars.nullAuthAllowed = nullAuthAllowed;
 
        pars.isactive = isactive;               // active mode
        pars.nullAuthAllowed = nullAuthAllowed;
 
@@ -229,7 +449,8 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                if (getpeername(pars.sockctrl, (struct sockaddr *)&from,
                    &fromlen) == -1)
                {
                if (getpeername(pars.sockctrl, (struct sockaddr *)&from,
                    &fromlen) == -1)
                {
-                       sock_geterror("getpeername(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
+                       sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                           "getpeername() failed");
                        if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
                                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                        goto end;
                        if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
                                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                        goto end;
@@ -243,6 +464,13 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                passiveClients = NULL;
                if (host_port_check_status < 0)
                {
                passiveClients = NULL;
                if (host_port_check_status < 0)
                {
+                       if (host_port_check_status == -2) {
+                               //
+                               // We got an error; log it.
+                               //
+                               rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
+                       }
+
                        //
                        // Sorry, we can't let you in.
                        //
                        //
                        // Sorry, we can't let you in.
                        //
@@ -278,10 +506,11 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
        while (!authenticated)
        {
                //
        while (!authenticated)
        {
                //
-               // If we're in active mode, we have to check for the
-               // initial timeout.
-               //
-               // XXX - do this on *every* trip through the loop?
+               // If we're not in active mode, we use select(), with a
+               // timeout, to wait for an authentication request; if
+               // the timeout expires, we drop the connection, so that
+               // a client can't just connect to us and leave us
+               // waiting forever.
                //
                if (!pars.isactive)
                {
                //
                if (!pars.isactive)
                {
@@ -295,7 +524,8 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                        retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
                        if (retval == -1)
                        {
                        retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
                        if (retval == -1)
                        {
-                               sock_geterror("select failed: ", errmsgbuf, PCAP_ERRBUF_SIZE);
+                               sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                                   "select() failed");
                                if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                goto end;
                                if (rpcap_senderror(pars.sockctrl, pars.ssl, 0, PCAP_ERR_NETW, errmsgbuf, errbuf) == -1)
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                goto end;
@@ -329,49 +559,17 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                plen = header.plen;
 
                //
                plen = header.plen;
 
                //
-               // Did the client specify a version we can handle?
+               // While we're in the authentication pharse, all requests
+               // must use version 0.
                //
                //
-               if (!RPCAP_VERSION_IS_SUPPORTED(header.ver))
+               if (header.ver != 0)
                {
                        //
                {
                        //
-                       // Tell them it's not a valid protocol version.
-                       //
-                       uint8 reply_version;
-
-                       //
-                       // If RPCAP_MIN_VERSION is 0, no version is too
-                       // old, as the oldest supported version is 0,
-                       // and there are no negative versions.
+                       // Send it back to them with their version.
                        //
                        //
-#if RPCAP_MIN_VERSION != 0
-                       if (header.ver < RPCAP_MIN_VERSION)
-                       {
-                               //
-                               // Their maximum version is too old;
-                               // there *is* no version we can both
-                               // handle, and they might reject
-                               // an error with a version they don't
-                               // understand, so reply with the
-                               // version they sent.  That may
-                               // make them retry with that version,
-                               // but they'll give up on that
-                               // failure.
-                               //
-                               reply_version = header.ver;
-                       }
-                       else
-#endif
-                       {
-                               //
-                               // Their maximum version is too new,
-                               // but they might be able to handle
-                               // *our* maximum version, so reply
-                               // with that version.
-                               //
-                               reply_version = RPCAP_MAX_VERSION;
-                       }
-                       if (rpcap_senderror(pars.sockctrl, pars.ssl, reply_version,
-                           PCAP_ERR_WRONGVER, "RPCAP version number mismatch",
+                       if (rpcap_senderror(pars.sockctrl, pars.ssl, header.ver,
+                           PCAP_ERR_WRONGVER,
+                           "RPCAP version in requests in the authentication phase must be 0",
                            errbuf) == -1)
                        {
                                // That failed; log a message and give up.
                            errbuf) == -1)
                        {
                                // That failed; log a message and give up.
@@ -379,22 +577,12 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                goto end;
                        }
 
                                goto end;
                        }
 
-                       // Discard the rest of the message.
-                       if (rpcapd_discard(pars.sockctrl, pars.ssl, plen) == -1)
-                       {
-                               // Network error.
-                               goto end;
-                       }
-
-                       // Let them try again.
-                       continue;
+                       // Discard the rest of the message and drop the
+                       // connection.
+                       (void)rpcapd_discard(pars.sockctrl, pars.ssl, plen);
+                       goto end;
                }
 
                }
 
-               //
-               // OK, we use the version the client specified.
-               //
-               pars.protocol_version = header.ver;
-
                switch (header.type)
                {
                        case RPCAP_MSG_AUTH_REQ:
                switch (header.type)
                {
                        case RPCAP_MSG_AUTH_REQ:
@@ -453,14 +641,14 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                msg_type_string = rpcap_msg_type_string(header.type);
                                if (msg_type_string != NULL)
                                {
                                msg_type_string = rpcap_msg_type_string(header.type);
                                if (msg_type_string != NULL)
                                {
-                                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s request sent before authentication was completed", msg_type_string);
+                                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s request sent before authentication was completed", msg_type_string);
                                }
                                else
                                {
                                }
                                else
                                {
-                                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message of type %u sent before authentication was completed", header.type);
+                                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message of type %u sent before authentication was completed", header.type);
                                }
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
                                }
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
-                                   pars.protocol_version, PCAP_ERR_WRONGMSG,
+                                   header.ver, PCAP_ERR_WRONGMSG,
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -489,14 +677,14 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                msg_type_string = rpcap_msg_type_string(header.type);
                                if (msg_type_string != NULL)
                                {
                                msg_type_string = rpcap_msg_type_string(header.type);
                                if (msg_type_string != NULL)
                                {
-                                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
+                                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
                                }
                                else
                                {
                                }
                                else
                                {
-                                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
+                                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
                                }
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
                                }
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
-                                   pars.protocol_version, PCAP_ERR_WRONGMSG,
+                                   header.ver, PCAP_ERR_WRONGMSG,
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -514,9 +702,9 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                //
                                // Unknown message type.
                                //
                                //
                                // Unknown message type.
                                //
-                               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
+                               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
-                                   pars.protocol_version, PCAP_ERR_WRONGMSG,
+                                   header.ver, PCAP_ERR_WRONGMSG,
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -561,7 +749,7 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                //
                // Be carefully: the capture can have been started, but an error occurred (so session != NULL, but
                //  sockdata is 0
                //
                // Be carefully: the capture can have been started, but an error occurred (so session != NULL, but
                //  sockdata is 0
-               if ((!pars.isactive) &&  ((session == NULL) || ((session != NULL) && (session->sockdata == 0))))
+               if ((!pars.isactive) && (session == NULL || session->sockdata == 0))
                {
                        // Check for the initial timeout
                        FD_ZERO(&rfds);
                {
                        // Check for the initial timeout
                        FD_ZERO(&rfds);
@@ -570,13 +758,17 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                        tv.tv_usec = 0;
 
                        FD_SET(pars.sockctrl, &rfds);
                        tv.tv_usec = 0;
 
                        FD_SET(pars.sockctrl, &rfds);
-
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+                       retval = 1;
+#else
                        retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
                        retval = select((int)pars.sockctrl + 1, &rfds, NULL, NULL, &tv);
+#endif
                        if (retval == -1)
                        {
                        if (retval == -1)
                        {
-                               sock_geterror("select failed: ", errmsgbuf, PCAP_ERRBUF_SIZE);
+                               sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                                   "select() failed");
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
-                                   pars.protocol_version, PCAP_ERR_NETW,
+                                   0, PCAP_ERR_NETW,
                                    errmsgbuf, errbuf) == -1)
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                goto end;
                                    errmsgbuf, errbuf) == -1)
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                goto end;
@@ -587,8 +779,7 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                        if (retval == 0)
                        {
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
                        if (retval == 0)
                        {
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
-                                   pars.protocol_version,
-                                   PCAP_ERR_INITTIMEOUT,
+                                   0, PCAP_ERR_INITTIMEOUT,
                                    "The RPCAP initial timeout has expired",
                                    errbuf) == -1)
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                    "The RPCAP initial timeout has expired",
                                    errbuf) == -1)
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -614,21 +805,20 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                plen = header.plen;
 
                //
                plen = header.plen;
 
                //
-               // Did the client specify the version we negotiated?
+               // Did the client specify a protocol version that we
+               // support?
                //
                //
-               // For now, there's only one version.
-               //
-               if (header.ver != pars.protocol_version)
+               if (!RPCAP_VERSION_IS_SUPPORTED(header.ver))
                {
                        //
                {
                        //
-                       // Tell them it's not the negotiated version.
+                       // Tell them it's not a supported version.
                        // Send the error message with their version,
                        // so they don't reject it as having the wrong
                        // version.
                        //
                        if (rpcap_senderror(pars.sockctrl, pars.ssl,
                            header.ver, PCAP_ERR_WRONGVER,
                        // Send the error message with their version,
                        // so they don't reject it as having the wrong
                        // version.
                        //
                        if (rpcap_senderror(pars.sockctrl, pars.ssl,
                            header.ver, PCAP_ERR_WRONGVER,
-                           "RPCAP version in message isn't the negotiated version",
+                           "RPCAP version in message isn't supported by the server",
                            errbuf) == -1)
                        {
                                // That failed; log a message and give up.
                            errbuf) == -1)
                        {
                                // That failed; log a message and give up.
@@ -654,7 +844,7 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
 
                        case RPCAP_MSG_FINDALLIF_REQ:
                        {
 
                        case RPCAP_MSG_FINDALLIF_REQ:
                        {
-                               if (daemon_msg_findallif_req(&pars, plen) == -1)
+                               if (daemon_msg_findallif_req(header.ver, &pars, plen) == -1)
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
@@ -674,7 +864,8 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                // us multiple open requests, the last
                                // one wins.
                                //
                                // us multiple open requests, the last
                                // one wins.
                                //
-                               retval = daemon_msg_open_req(&pars, plen, source, sizeof(source));
+                               retval = daemon_msg_open_req(header.ver, &pars,
+                                   plen, source, sizeof(source));
                                if (retval == -1)
                                {
                                        // Fatal error; a message has
                                if (retval == -1)
                                {
                                        // Fatal error; a message has
@@ -692,7 +883,7 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                        // They never told us what device
                                        // to capture on!
                                        if (rpcap_senderror(pars.sockctrl, pars.ssl,
                                        // They never told us what device
                                        // to capture on!
                                        if (rpcap_senderror(pars.sockctrl, pars.ssl,
-                                           pars.protocol_version,
+                                           header.ver,
                                            PCAP_ERR_STARTCAPTURE,
                                            "No capture device was specified",
                                            errbuf) == -1)
                                            PCAP_ERR_STARTCAPTURE,
                                            "No capture device was specified",
                                            errbuf) == -1)
@@ -709,7 +900,9 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                        break;
                                }
 
                                        break;
                                }
 
-                               if (daemon_msg_startcap_req(&pars, plen, source, &session, &samp_param, uses_ssl) == -1)
+                               if (daemon_msg_startcap_req(header.ver, &pars,
+                                   plen, source, &session, &samp_param,
+                                   uses_ssl) == -1)
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
@@ -722,7 +915,8 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                        {
                                if (session)
                                {
                        {
                                if (session)
                                {
-                                       if (daemon_msg_updatefilter_req(&pars, session, plen) == -1)
+                                       if (daemon_msg_updatefilter_req(header.ver,
+                                           &pars, session, plen) == -1)
                                        {
                                                // Fatal error; a message has
                                                // been logged, so just give up.
                                        {
                                                // Fatal error; a message has
                                                // been logged, so just give up.
@@ -732,7 +926,7 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                else
                                {
                                        if (rpcap_senderror(pars.sockctrl, pars.ssl,
                                else
                                {
                                        if (rpcap_senderror(pars.sockctrl, pars.ssl,
-                                           pars.protocol_version,
+                                           header.ver,
                                            PCAP_ERR_UPDATEFILTER,
                                            "Device not opened. Cannot update filter",
                                            errbuf) == -1)
                                            PCAP_ERR_UPDATEFILTER,
                                            "Device not opened. Cannot update filter",
                                            errbuf) == -1)
@@ -759,7 +953,8 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
 
                        case RPCAP_MSG_STATS_REQ:
                        {
 
                        case RPCAP_MSG_STATS_REQ:
                        {
-                               if (daemon_msg_stats_req(&pars, session, plen, &stats, svrcapt) == -1)
+                               if (daemon_msg_stats_req(header.ver, &pars,
+                                   session, plen, &stats, svrcapt) == -1)
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
@@ -785,7 +980,8 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                                svrcapt = 0;
                                        }
 
                                                svrcapt = 0;
                                        }
 
-                                       if (daemon_msg_endcap_req(&pars, session) == -1)
+                                       if (daemon_msg_endcap_req(header.ver,
+                                           &pars, session) == -1)
                                        {
                                                free(session);
                                                session = NULL;
                                        {
                                                free(session);
                                                session = NULL;
@@ -799,7 +995,7 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                else
                                {
                                        rpcap_senderror(pars.sockctrl, pars.ssl,
                                else
                                {
                                        rpcap_senderror(pars.sockctrl, pars.ssl,
-                                           pars.protocol_version,
+                                           header.ver,
                                            PCAP_ERR_ENDCAPTURE,
                                            "Device not opened. Cannot close the capture",
                                            errbuf);
                                            PCAP_ERR_ENDCAPTURE,
                                            "Device not opened. Cannot close the capture",
                                            errbuf);
@@ -809,7 +1005,8 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
 
                        case RPCAP_MSG_SETSAMPLING_REQ:
                        {
 
                        case RPCAP_MSG_SETSAMPLING_REQ:
                        {
-                               if (daemon_msg_setsampling_req(&pars, plen, &samp_param) == -1)
+                               if (daemon_msg_setsampling_req(header.ver,
+                                   &pars, plen, &samp_param) == -1)
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
                                {
                                        // Fatal error; a message has
                                        // been logged, so just give up.
@@ -826,7 +1023,7 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                //
                                rpcapd_log(LOGPRIO_INFO, "The client sent an RPCAP_MSG_AUTH_REQ message after authentication was completed");
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
                                //
                                rpcapd_log(LOGPRIO_INFO, "The client sent an RPCAP_MSG_AUTH_REQ message after authentication was completed");
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
-                                   pars.protocol_version,
+                                   header.ver,
                                    PCAP_ERR_WRONGMSG,
                                    "RPCAP_MSG_AUTH_REQ request sent after authentication was completed",
                                    errbuf) == -1)
                                    PCAP_ERR_WRONGMSG,
                                    "RPCAP_MSG_AUTH_REQ request sent after authentication was completed",
                                    errbuf) == -1)
@@ -858,15 +1055,15 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                if (msg_type_string != NULL)
                                {
                                        rpcapd_log(LOGPRIO_INFO, "The client sent a %s server-to-client message", msg_type_string);
                                if (msg_type_string != NULL)
                                {
                                        rpcapd_log(LOGPRIO_INFO, "The client sent a %s server-to-client message", msg_type_string);
-                                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
+                                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message %s received from client", msg_type_string);
                                }
                                else
                                {
                                        rpcapd_log(LOGPRIO_INFO, "The client sent a server-to-client message of type %u", header.type);
                                }
                                else
                                {
                                        rpcapd_log(LOGPRIO_INFO, "The client sent a server-to-client message of type %u", header.type);
-                                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
+                                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Server-to-client message of type %u received from client", header.type);
                                }
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
                                }
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
-                                   pars.protocol_version, PCAP_ERR_WRONGMSG,
+                                   header.ver, PCAP_ERR_WRONGMSG,
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                    errmsgbuf, errbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -885,9 +1082,9 @@ daemon_serviceloop(SOCKET sockctrl, int isactive, char *passiveClients,
                                // Unknown message type.
                                //
                                rpcapd_log(LOGPRIO_INFO, "The client sent a message of type %u", header.type);
                                // Unknown message type.
                                //
                                rpcapd_log(LOGPRIO_INFO, "The client sent a message of type %u", header.type);
-                               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
+                               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Unknown message type %u", header.type);
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
                                if (rpcap_senderror(pars.sockctrl, pars.ssl,
-                                   pars.protocol_version, PCAP_ERR_WRONGMSG,
+                                   header.ver, PCAP_ERR_WRONGMSG,
                                    errbuf, errmsgbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                    errbuf, errmsgbuf) == -1)
                                {
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -914,21 +1111,25 @@ end:
                session = NULL;
        }
 
                session = NULL;
        }
 
+       if (passiveClients) {
+               free(passiveClients);
+       }
        //
        //
-       // Free the SSL handle for the control socket, if we have one,
-       // and close the control socket.
+       // Finish using the SSL handle for the control socket, if we
+       // have an SSL connection, and close the control socket.
        //
 #ifdef HAVE_OPENSSL
        if (ssl)
        {
        //
 #ifdef HAVE_OPENSSL
        if (ssl)
        {
-               SSL_free(ssl);
+               // Finish using the SSL handle for the socket.
+               // This must be done *before* the socket is closed.
+               ssl_finish(ssl);
        }
 #endif
        sock_close(sockctrl, NULL, 0);
 
        // Print message and return
        rpcapd_log(LOGPRIO_DEBUG, "I'm exiting from the child loop");
        }
 #endif
        sock_close(sockctrl, NULL, 0);
 
        // Print message and return
        rpcapd_log(LOGPRIO_DEBUG, "I'm exiting from the child loop");
-       rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf);
 
        return client_told_us_to_close;
 }
 
        return client_told_us_to_close;
 }
@@ -1020,9 +1221,11 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
-       struct rpcap_header header;             // RPCAP message general header
        int status;
        struct rpcap_auth auth;                 // RPCAP authentication header
        int status;
        struct rpcap_auth auth;                 // RPCAP authentication header
+       char sendbuf[RPCAP_NETBUF_SIZE];        // temporary buffer in which data to be sent is buffered
+       int sendbufidx = 0;                     // index which keeps the number of bytes currently buffered
+       struct rpcap_authreply *authreply;      // authentication reply message
 
        status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &auth, sizeof(struct rpcap_auth), &plen, errmsgbuf);
        if (status == -1)
 
        status = rpcapd_recv(pars->sockctrl, pars->ssl, (char *) &auth, sizeof(struct rpcap_auth), &plen, errmsgbuf);
        if (status == -1)
@@ -1041,8 +1244,16 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
                        if (!pars->nullAuthAllowed)
                        {
                                // Send the client an error reply.
                        if (!pars->nullAuthAllowed)
                        {
                                // Send the client an error reply.
-                               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Authentication failed; NULL authentication not permitted.");
-                               goto error;
+                               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
+                                   "Authentication failed; NULL authentication not permitted.");
+                               if (rpcap_senderror(pars->sockctrl, pars->ssl,
+                                   0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
+                               {
+                                       // That failed; log a message and give up.
+                                       rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+                                       return -1;
+                               }
+                               goto error_noreply;
                        }
                        break;
                }
                        }
                        break;
                }
@@ -1106,8 +1317,7 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
                                free(username);
                                free(passwd);
                                if (rpcap_senderror(pars->sockctrl, pars->ssl,
                                free(username);
                                free(passwd);
                                if (rpcap_senderror(pars->sockctrl, pars->ssl,
-                                   pars->protocol_version,
-                                   PCAP_ERR_AUTH, errmsgbuf, errbuf) == -1)
+                                   0, PCAP_ERR_AUTH_FAILED, errmsgbuf, errbuf) == -1)
                                {
                                        // That failed; log a message and give up.
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                                {
                                        // That failed; log a message and give up.
                                        rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -1134,17 +1344,48 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
                        }
 
                default:
                        }
 
                default:
-                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Authentication type not recognized.");
-                       goto error;
+                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
+                           "Authentication type not recognized.");
+                       if (rpcap_senderror(pars->sockctrl, pars->ssl,
+                           0, PCAP_ERR_AUTH_TYPE_NOTSUP, errmsgbuf, errbuf) == -1)
+                       {
+                               // That failed; log a message and give up.
+                               rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
+                               return -1;
+                       }
+                       goto error_noreply;
        }
 
        // The authentication succeeded; let the client know.
        }
 
        // The authentication succeeded; let the client know.
-       rpcap_createhdr(&header, pars->protocol_version, RPCAP_MSG_AUTH_REPLY, 0, 0);
+       if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL, &sendbufidx,
+           RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
+               goto error;
 
 
-       // Send the ok message back
-       if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
+       rpcap_createhdr((struct rpcap_header *) sendbuf, 0,
+           RPCAP_MSG_AUTH_REPLY, 0, sizeof(struct rpcap_authreply));
+
+       authreply = (struct rpcap_authreply *) &sendbuf[sendbufidx];
+
+       if (sock_bufferize(NULL, sizeof(struct rpcap_authreply), NULL, &sendbufidx,
+           RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
+               goto error;
+
+       //
+       // Indicate to our peer what versions we support and what our
+       // version of the byte-order magic is (which will tell the
+       // client whether our byte order differs from theirs, in which
+       // case they will need to byte-swap some fields in some
+       // link-layer types' headers).
+       //
+       memset(authreply, 0, sizeof(struct rpcap_authreply));
+       authreply->minvers = RPCAP_MIN_VERSION;
+       authreply->maxvers = RPCAP_MAX_VERSION;
+       authreply->byte_order_magic = RPCAP_BYTE_ORDER_MAGIC;
+
+       // Send the reply.
+       if (sock_send(pars->sockctrl, pars->ssl, sendbuf, sendbufidx, errbuf, PCAP_ERRBUF_SIZE) == -1)
        {
        {
-               // That failed; log a messsage and give up.
+               // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        }
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        }
@@ -1158,8 +1399,8 @@ daemon_msg_auth_req(struct daemon_slpars *pars, uint32 plen)
        return 0;
 
 error:
        return 0;
 
 error:
-       if (rpcap_senderror(pars->sockctrl, pars->ssl, pars->protocol_version,
-           PCAP_ERR_AUTH, errmsgbuf, errbuf) == -1)
+       if (rpcap_senderror(pars->sockctrl, pars->ssl, 0, PCAP_ERR_AUTH,
+           errmsgbuf, errbuf) == -1)
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -1188,11 +1429,32 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
         * policies, user right assignment)
         * However, it seems to me that if you run it as a service, this
         * right should be provided by default.
         * policies, user right assignment)
         * However, it seems to me that if you run it as a service, this
         * right should be provided by default.
+        *
+        * XXX - hopefully, this returns errors such as ERROR_LOGON_FAILURE,
+        * which merely indicates that the user name or password is
+        * incorrect, not whether it's the user name or the password
+        * that's incorrect, so a client that's trying to brute-force
+        * accounts doesn't know whether it's the user name or the
+        * password that's incorrect, so it doesn't know whether to
+        * stop trying to log in with a given user name and move on
+        * to another user name.
         */
         */
+       DWORD error;
        HANDLE Token;
        HANDLE Token;
+       char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to log
+
        if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0)
        {
        if (LogonUser(username, ".", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &Token) == 0)
        {
-               pcap_win32_err_to_str(GetLastError(), errbuf);
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
+               error = GetLastError();
+               if (error != ERROR_LOGON_FAILURE)
+               {
+                       // Some error other than an authentication error;
+                       // log it.
+                       pcap_fmt_errmsg_for_win32_err(errmsgbuf,
+                           PCAP_ERRBUF_SIZE, error, "LogonUser() failed");
+                       rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
+               }
                return -1;
        }
 
                return -1;
        }
 
@@ -1200,7 +1462,10 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
        // I didn't test it.
        if (ImpersonateLoggedOnUser(Token) == 0)
        {
        // I didn't test it.
        if (ImpersonateLoggedOnUser(Token) == 0)
        {
-               pcap_win32_err_to_str(GetLastError(), errbuf);
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
+               pcap_fmt_errmsg_for_win32_err(errmsgbuf, PCAP_ERRBUF_SIZE,
+                   GetLastError(), "ImpersonateLoggedOnUser() failed");
+               rpcapd_log(LOGPRIO_ERROR, "%s", errmsgbuf);
                CloseHandle(Token);
                return -1;
        }
                CloseHandle(Token);
                return -1;
        }
@@ -1212,7 +1477,7 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
        /*
         * See
         *
        /*
         * See
         *
-        *      http://www.unixpapa.com/incnote/passwd.html
+        *      https://www.unixpapa.com/incnote/passwd.html
         *
         * We use the Solaris/Linux shadow password authentication if
         * we have getspnam(), otherwise we just do traditional
         *
         * We use the Solaris/Linux shadow password authentication if
         * we have getspnam(), otherwise we just do traditional
@@ -1228,16 +1493,18 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
         * only password database or some other authentication mechanism,
         * behind its API.
         */
         * only password database or some other authentication mechanism,
         * behind its API.
         */
+       int error;
        struct passwd *user;
        char *user_password;
 #ifdef HAVE_GETSPNAM
        struct spwd *usersp;
 #endif
        struct passwd *user;
        char *user_password;
 #ifdef HAVE_GETSPNAM
        struct spwd *usersp;
 #endif
+       char *crypt_password;
 
        // This call is needed to get the uid
        if ((user = getpwnam(username)) == NULL)
        {
 
        // This call is needed to get the uid
        if ((user = getpwnam(username)) == NULL)
        {
-               pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: no such user");
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
                return -1;
        }
 
                return -1;
        }
 
@@ -1245,7 +1512,7 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
        // This call is needed to get the password; otherwise 'x' is returned
        if ((usersp = getspnam(username)) == NULL)
        {
        // This call is needed to get the password; otherwise 'x' is returned
        if ((usersp = getspnam(username)) == NULL)
        {
-               pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: no such user");
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
                return -1;
        }
        user_password = usersp->sp_pwdp;
                return -1;
        }
        user_password = usersp->sp_pwdp;
@@ -1263,23 +1530,52 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
        user_password = user->pw_passwd;
 #endif
 
        user_password = user->pw_passwd;
 #endif
 
-       if (strcmp(user_password, (char *) crypt(password, user_password)) != 0)
+       //
+       // The Single UNIX Specification says that if crypt() fails it
+       // sets errno, but some implementatons that haven't been run
+       // through the SUS test suite might not do so.
+       //
+       errno = 0;
+       crypt_password = crypt(password, user_password);
+       if (crypt_password == NULL)
+       {
+               error = errno;
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
+               if (error == 0)
+               {
+                       // It didn't set errno.
+                       rpcapd_log(LOGPRIO_ERROR, "crypt() failed");
+               }
+               else
+               {
+                       rpcapd_log(LOGPRIO_ERROR, "crypt() failed: %s",
+                           strerror(error));
+               }
+               return -1;
+       }
+       if (strcmp(user_password, crypt_password) != 0)
        {
        {
-               pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed: password incorrect");
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Authentication failed");
                return -1;
        }
 
        if (setuid(user->pw_uid))
        {
                return -1;
        }
 
        if (setuid(user->pw_uid))
        {
+               error = errno;
                pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
                pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
-                   errno, "setuid");
+                   error, "setuid");
+               rpcapd_log(LOGPRIO_ERROR, "setuid() failed: %s",
+                   strerror(error));
                return -1;
        }
 
 /*     if (setgid(user->pw_gid))
        {
                return -1;
        }
 
 /*     if (setgid(user->pw_gid))
        {
+               error = errno;
                pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
                    errno, "setgid");
                pcap_fmt_errmsg_for_errno(errbuf, PCAP_ERRBUF_SIZE,
                    errno, "setgid");
+               rpcapd_log(LOGPRIO_ERROR, "setgid() failed: %s",
+                   strerror(error));
                return -1;
        }
 */
                return -1;
        }
 */
@@ -1289,8 +1585,23 @@ daemon_AuthUserPwd(char *username, char *password, char *errbuf)
 
 }
 
 
 }
 
+/*
+ * Make sure that the reply length won't overflow 32 bits if we add the
+ * specified amount to it.  If it won't, add that amount to it.
+ *
+ * We check whether replylen + itemlen > UINT32_MAX, but subtract itemlen
+ * from both sides, to prevent overflow.
+ */
+#define CHECK_AND_INCREASE_REPLY_LEN(itemlen) \
+       if (replylen > UINT32_MAX - (itemlen)) { \
+               pcap_strlcpy(errmsgbuf, "Reply length doesn't fit in 32 bits", \
+                   sizeof (errmsgbuf)); \
+               goto error; \
+       } \
+       replylen += (uint32)(itemlen)
+
 static int
 static int
-daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
+daemon_msg_findallif_req(uint8 ver, struct daemon_slpars *pars, uint32 plen)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
@@ -1299,7 +1610,7 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
        pcap_if_t *alldevs = NULL;              // pointer to the header of the interface chain
        pcap_if_t *d;                           // temp pointer needed to scan the interface chain
        struct pcap_addr *address;              // pcap structure that keeps a network address of an interface
        pcap_if_t *alldevs = NULL;              // pointer to the header of the interface chain
        pcap_if_t *d;                           // temp pointer needed to scan the interface chain
        struct pcap_addr *address;              // pcap structure that keeps a network address of an interface
-       struct rpcap_findalldevs_if *findalldevs_if;// rpcap structure that packet all the data of an interface together
+       uint32 replylen;                        // length of reply payload
        uint16 nif = 0;                         // counts the number of interface listed
 
        // Discard the rest of the message; there shouldn't be any payload.
        uint16 nif = 0;                         // counts the number of interface listed
 
        // Discard the rest of the message; there shouldn't be any payload.
@@ -1315,7 +1626,7 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
 
        if (alldevs == NULL)
        {
 
        if (alldevs == NULL)
        {
-               if (rpcap_senderror(pars->sockctrl, pars->ssl, pars->protocol_version,
+               if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
                        PCAP_ERR_NOREMOTEIF,
                        "No interfaces found! Make sure libpcap/WinPcap is properly installed"
                        " and you have the right to access to the remote device.",
                        PCAP_ERR_NOREMOTEIF,
                        "No interfaces found! Make sure libpcap/WinPcap is properly installed"
                        " and you have the right to access to the remote device.",
@@ -1327,18 +1638,37 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
                return 0;
        }
 
                return 0;
        }
 
-       // checks the number of interfaces and it computes the total length of the payload
+       // This checks the number of interfaces and computes the total
+       // length of the payload.
+       replylen = 0;
        for (d = alldevs; d != NULL; d = d->next)
        {
                nif++;
 
        for (d = alldevs; d != NULL; d = d->next)
        {
                nif++;
 
-               if (d->description)
-                       plen+= strlen(d->description);
-               if (d->name)
-                       plen+= strlen(d->name);
+               if (d->description) {
+                       size_t stringlen = strlen(d->description);
+                       if (stringlen > UINT16_MAX) {
+                               pcap_strlcpy(errmsgbuf,
+                                   "Description length doesn't fit in 16 bits",
+                                   sizeof (errmsgbuf));
+                               goto error;
+                       }
+                       CHECK_AND_INCREASE_REPLY_LEN(stringlen);
+               }
+               if (d->name) {
+                       size_t stringlen = strlen(d->name);
+                       if (stringlen > UINT16_MAX) {
+                               pcap_strlcpy(errmsgbuf,
+                                   "Name length doesn't fit in 16 bits",
+                                   sizeof (errmsgbuf));
+                               goto error;
+                       }
+                       CHECK_AND_INCREASE_REPLY_LEN(stringlen);
+               }
 
 
-               plen+= sizeof(struct rpcap_findalldevs_if);
+               CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_findalldevs_if));
 
 
+               uint16_t naddrs = 0;
                for (address = d->addresses; address != NULL; address = address->next)
                {
                        /*
                for (address = d->addresses; address != NULL; address = address->next)
                {
                        /*
@@ -1350,7 +1680,14 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
 #ifdef AF_INET6
                        case AF_INET6:
 #endif
 #ifdef AF_INET6
                        case AF_INET6:
 #endif
-                               plen+= (sizeof(struct rpcap_sockaddr) * 4);
+                               CHECK_AND_INCREASE_REPLY_LEN(sizeof(struct rpcap_sockaddr) * 4);
+                               if (naddrs == UINT16_MAX) {
+                                       pcap_strlcpy(errmsgbuf,
+                                           "Number of interfaces doesn't fit in 16 bits",
+                                           sizeof (errmsgbuf));
+                                       goto error;
+                               }
+                               naddrs++;
                                break;
 
                        default:
                                break;
 
                        default:
@@ -1359,37 +1696,50 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
                }
        }
 
                }
        }
 
-       // RPCAP findalldevs command
+       // RPCAP findalldevs reply
        if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
            &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf,
            PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
        if (sock_bufferize(NULL, sizeof(struct rpcap_header), NULL,
            &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf,
            PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
-       rpcap_createhdr((struct rpcap_header *) sendbuf, pars->protocol_version,
-           RPCAP_MSG_FINDALLIF_REPLY, nif, plen);
+       rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
+           RPCAP_MSG_FINDALLIF_REPLY, nif, replylen);
 
        // send the interface list
        for (d = alldevs; d != NULL; d = d->next)
        {
                uint16 lname, ldescr;
 
 
        // send the interface list
        for (d = alldevs; d != NULL; d = d->next)
        {
                uint16 lname, ldescr;
 
-               findalldevs_if = (struct rpcap_findalldevs_if *) &sendbuf[sendbufidx];
-
-               if (sock_bufferize(NULL, sizeof(struct rpcap_findalldevs_if), NULL,
-                   &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
-                       goto error;
+               // Note: the findalldevs_if entries are *not* neatly
+               // aligned on 4-byte boundaries, because they're
+               // preceded by strings that aren't padded to 4-byte
+               // boundaries, so we cannot just cast output buffer
+               // boundaries to struct rpcap_findalldevs_if pointers
+               // and store into them - we must fill in a structure and
+               // then copy the structure to the buffer, as not all
+               // systems support unaligned access (some, such as
+               // SPARC, crash; others, such as Arm, may just ignore
+               // the lower-order bits).
+               struct rpcap_findalldevs_if findalldevs_if;
 
 
-               memset(findalldevs_if, 0, sizeof(struct rpcap_findalldevs_if));
-
-               if (d->description) ldescr = (short) strlen(d->description);
-               else ldescr = 0;
-               if (d->name) lname = (short) strlen(d->name);
-               else lname = 0;
+               /*
+                * We've already established that the string lengths
+                * fit in 16 bits.
+                */
+               if (d->description)
+                       ldescr = (uint16) strlen(d->description);
+               else
+                       ldescr = 0;
+               if (d->name)
+                       lname = (uint16) strlen(d->name);
+               else
+                       lname = 0;
 
 
-               findalldevs_if->desclen = htons(ldescr);
-               findalldevs_if->namelen = htons(lname);
-               findalldevs_if->flags = htonl(d->flags);
+               findalldevs_if.desclen = htons(ldescr);
+               findalldevs_if.namelen = htons(lname);
+               findalldevs_if.flags = htonl(d->flags);
 
 
+               uint16_t naddrs = 0;
                for (address = d->addresses; address != NULL; address = address->next)
                {
                        /*
                for (address = d->addresses; address != NULL; address = address->next)
                {
                        /*
@@ -1401,14 +1751,20 @@ daemon_msg_findallif_req(struct daemon_slpars *pars, uint32 plen)
 #ifdef AF_INET6
                        case AF_INET6:
 #endif
 #ifdef AF_INET6
                        case AF_INET6:
 #endif
-                               findalldevs_if->naddr++;
+                               naddrs++;
                                break;
 
                        default:
                                break;
                        }
                }
                                break;
 
                        default:
                                break;
                        }
                }
-               findalldevs_if->naddr = htons(findalldevs_if->naddr);
+               findalldevs_if.naddr = htons(naddrs);
+               findalldevs_if.dummy = 0;
+
+               if (sock_bufferize(&findalldevs_if, sizeof(struct rpcap_findalldevs_if), sendbuf,
+                   &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
+                   PCAP_ERRBUF_SIZE) == -1)
+                       goto error;
 
                if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx,
                    RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
 
                if (sock_bufferize(d->name, lname, sendbuf, &sendbufidx,
                    RPCAP_NETBUF_SIZE, SOCKBUF_BUFFERIZE, errmsgbuf,
@@ -1481,7 +1837,7 @@ error:
        if (alldevs)
                pcap_freealldevs(alldevs);
 
        if (alldevs)
                pcap_freealldevs(alldevs);
 
-       if (rpcap_senderror(pars->sockctrl, pars->ssl, pars->protocol_version,
+       if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
            PCAP_ERR_FINDALLIF, errmsgbuf, errbuf) == -1)
        {
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
            PCAP_ERR_FINDALLIF, errmsgbuf, errbuf) == -1)
        {
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -1495,7 +1851,8 @@ error:
        to discard excess data in the message, if present)
 */
 static int
        to discard excess data in the message, if present)
 */
 static int
-daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_t sourcelen)
+daemon_msg_open_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
+    char *source, size_t sourcelen)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
@@ -1507,7 +1864,7 @@ daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_
 
        if (plen > sourcelen - 1)
        {
 
        if (plen > sourcelen - 1)
        {
-               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string too long");
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string too long");
                goto error;
        }
 
                goto error;
        }
 
@@ -1521,14 +1878,19 @@ daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_
        source[nread] = '\0';
        plen -= nread;
 
        source[nread] = '\0';
        plen -= nread;
 
-       // XXX - make sure it's *not* a URL; we don't support opening
-       // remote devices here.
+       // Is this a URL rather than a device?
+       // If so, reject it.
+       if (is_url(source))
+       {
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Source string refers to a remote device");
+               goto error;
+       }
 
        // Open the selected device
        // This is a fake open, since we do that only to get the needed parameters, then we close the device again
        if ((fp = pcap_open_live(source,
                        1500 /* fake snaplen */,
 
        // Open the selected device
        // This is a fake open, since we do that only to get the needed parameters, then we close the device again
        if ((fp = pcap_open_live(source,
                        1500 /* fake snaplen */,
-                       0 /* no promis */,
+                       0 /* no promisc */,
                        1000 /* fake timeout */,
                        errmsgbuf)) == NULL)
                goto error;
                        1000 /* fake timeout */,
                        errmsgbuf)) == NULL)
                goto error;
@@ -1538,7 +1900,7 @@ daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_
            RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
            RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
-       rpcap_createhdr((struct rpcap_header *) sendbuf, pars->protocol_version,
+       rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
            RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply));
 
        openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx];
            RPCAP_MSG_OPEN_REPLY, 0, sizeof(struct rpcap_openreply));
 
        openreply = (struct rpcap_openreply *) &sendbuf[sendbufidx];
@@ -1549,6 +1911,14 @@ daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_
 
        memset(openreply, 0, sizeof(struct rpcap_openreply));
        openreply->linktype = htonl(pcap_datalink(fp));
 
        memset(openreply, 0, sizeof(struct rpcap_openreply));
        openreply->linktype = htonl(pcap_datalink(fp));
+       /*
+        * This is always 0 for live captures; we no longer support it
+        * as something we read from capture files and supply to
+        * clients, but we have to send it over the wire, as open
+        * replies are expected to have 8 bytes of payload by
+        * existing clients.
+        */
+       openreply->tzoff = 0;
 
        // We're done with the pcap_t.
        pcap_close(fp);
 
        // We're done with the pcap_t.
        pcap_close(fp);
@@ -1562,8 +1932,8 @@ daemon_msg_open_req(struct daemon_slpars *pars, uint32 plen, char *source, size_
        return 0;
 
 error:
        return 0;
 
 error:
-       if (rpcap_senderror(pars->sockctrl, pars->ssl, pars->protocol_version,
-           PCAP_ERR_OPEN, errmsgbuf, errbuf) == -1)
+       if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_OPEN,
+           errmsgbuf, errbuf) == -1)
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -1583,7 +1953,9 @@ error:
        to discard excess data in the message, if present)
 */
 static int
        to discard excess data in the message, if present)
 */
 static int
-daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, char *source, struct session **sessionp, struct rpcap_sampling *samp_param _U_, int uses_ssl)
+daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
+    char *source, struct session **sessionp,
+    struct rpcap_sampling *samp_param _U_, int uses_ssl)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
@@ -1625,7 +1997,7 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, char *source, s
        // to enforce encryption, as SSL is not supported yet with UDP:
        if (uses_ssl && (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM))
        {
        // to enforce encryption, as SSL is not supported yet with UDP:
        if (uses_ssl && (startcapreq.flags & RPCAP_STARTCAPREQ_FLAG_DGRAM))
        {
-               pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE,
+               snprintf(errbuf, PCAP_ERRBUF_SIZE,
                    "SSL not supported with UDP forward of remote packets");
                goto error;
        }
                    "SSL not supported with UDP forward of remote packets");
                goto error;
        }
@@ -1634,7 +2006,7 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, char *source, s
        session = malloc(sizeof(struct session));
        if (session == NULL)
        {
        session = malloc(sizeof(struct session));
        if (session == NULL)
        {
-               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Can't allocate session structure");
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Can't allocate session structure");
                goto error;
        }
 
                goto error;
        }
 
@@ -1690,7 +2062,8 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, char *source, s
        saddrlen = sizeof(struct sockaddr_storage);
        if (getpeername(pars->sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
        {
        saddrlen = sizeof(struct sockaddr_storage);
        if (getpeername(pars->sockctrl, (struct sockaddr *) &saddr, &saddrlen) == -1)
        {
-               sock_geterror("getpeername(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
+               sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                   "getpeername() failed");
                goto error;
        }
 
                goto error;
        }
 
@@ -1701,38 +2074,40 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, char *source, s
        // Now we have to create a new socket to send packets
        if (serveropen_dp)              // Data connection is opened by the server toward the client
        {
        // Now we have to create a new socket to send packets
        if (serveropen_dp)              // Data connection is opened by the server toward the client
        {
-               pcap_snprintf(portdata, sizeof portdata, "%d", ntohs(startcapreq.portdata));
+               snprintf(portdata, sizeof portdata, "%d", ntohs(startcapreq.portdata));
 
                // Get the name of the other peer (needed to connect to that specific network address)
                if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost,
                                sizeof(peerhost), NULL, 0, NI_NUMERICHOST))
                {
 
                // Get the name of the other peer (needed to connect to that specific network address)
                if (getnameinfo((struct sockaddr *) &saddr, saddrlen, peerhost,
                                sizeof(peerhost), NULL, 0, NI_NUMERICHOST))
                {
-                       sock_geterror("getnameinfo(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
+                       sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                           "getnameinfo() failed");
                        goto error;
                }
 
                if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                        goto error;
 
                        goto error;
                }
 
                if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                        goto error;
 
-               if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
+               if ((session->sockdata = sock_open(peerhost, addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
                        goto error;
        }
        else            // Data connection is opened by the client toward the server
        {
                hints.ai_flags = AI_PASSIVE;
 
                        goto error;
        }
        else            // Data connection is opened by the client toward the server
        {
                hints.ai_flags = AI_PASSIVE;
 
-               // Let's the server socket pick up a free network port for us
-               if (sock_initaddress(NULL, "0", &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
+               // Make the server socket pick up a free network port for us
+               if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                        goto error;
 
                        goto error;
 
-               if ((session->sockdata = sock_open(addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
+               if ((session->sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
                        goto error;
 
                // get the complete sockaddr structure used in the data connection
                saddrlen = sizeof(struct sockaddr_storage);
                if (getsockname(session->sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
                {
                        goto error;
 
                // get the complete sockaddr structure used in the data connection
                saddrlen = sizeof(struct sockaddr_storage);
                if (getsockname(session->sockdata, (struct sockaddr *) &saddr, &saddrlen) == -1)
                {
-                       sock_geterror("getsockname(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
+                       sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                           "getsockname() failed");
                        goto error;
                }
 
                        goto error;
                }
 
@@ -1740,7 +2115,8 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, char *source, s
                if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
                                0, portdata, sizeof(portdata), NI_NUMERICSERV))
                {
                if (getnameinfo((struct sockaddr *) &saddr, saddrlen, NULL,
                                0, portdata, sizeof(portdata), NI_NUMERICSERV))
                {
-                       sock_geterror("getnameinfo(): ", errmsgbuf, PCAP_ERRBUF_SIZE);
+                       sock_geterrmsg(errmsgbuf, PCAP_ERRBUF_SIZE,
+                           "getnameinfo() failed");
                        goto error;
                }
        }
                        goto error;
                }
        }
@@ -1752,7 +2128,7 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, char *source, s
        // Needed to send an error on the ctrl connection
        session->sockctrl = pars->sockctrl;
        session->ctrl_ssl = pars->ssl;
        // Needed to send an error on the ctrl connection
        session->sockctrl = pars->sockctrl;
        session->ctrl_ssl = pars->ssl;
-       session->protocol_version = pars->protocol_version;
+       session->protocol_version = ver;
 
        // Now I can set the filter
        ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
 
        // Now I can set the filter
        ret = daemon_unpackapplyfilter(pars->sockctrl, pars->ssl, session, &plen, errmsgbuf);
@@ -1772,7 +2148,7 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, char *source, s
            RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
            RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
-       rpcap_createhdr((struct rpcap_header *) sendbuf, pars->protocol_version,
+       rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
            RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply));
 
        startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx];
            RPCAP_MSG_STARTCAP_REPLY, 0, sizeof(struct rpcap_startcapreply));
 
        startcapreply = (struct rpcap_startcapreply *) &sendbuf[sendbufidx];
@@ -1808,7 +2184,8 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, char *source, s
 
                if (socktemp == INVALID_SOCKET)
                {
 
                if (socktemp == INVALID_SOCKET)
                {
-                       sock_geterror("accept(): ", errbuf, PCAP_ERRBUF_SIZE);
+                       sock_geterrmsg(errbuf, PCAP_ERRBUF_SIZE,
+                          "accept() failed");
                        rpcapd_log(LOGPRIO_ERROR, "Accept of data connection failed: %s",
                            errbuf);
                        goto error;
                        rpcapd_log(LOGPRIO_ERROR, "Accept of data connection failed: %s",
                            errbuf);
                        goto error;
@@ -1842,7 +2219,7 @@ daemon_msg_startcap_req(struct daemon_slpars *pars, uint32 plen, char *source, s
            (void *) session, 0, NULL);
        if (session->thread == 0)
        {
            (void *) session, 0, NULL);
        if (session->thread == 0)
        {
-               pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread");
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error creating the data thread");
                goto error;
        }
 #else
                goto error;
        }
 #else
@@ -1880,7 +2257,7 @@ error:
                free(session);
        }
 
                free(session);
        }
 
-       if (rpcap_senderror(pars->sockctrl, pars->ssl, pars->protocol_version,
+       if (rpcap_senderror(pars->sockctrl, pars->ssl, ver,
            PCAP_ERR_STARTCAPTURE, errmsgbuf, errbuf) == -1)
        {
                // That failed; log a message and give up.
            PCAP_ERR_STARTCAPTURE, errmsgbuf, errbuf) == -1)
        {
                // That failed; log a message and give up.
@@ -1914,15 +2291,15 @@ fatal_error:
 }
 
 static int
 }
 
 static int
-daemon_msg_endcap_req(struct daemon_slpars *pars, struct session *session)
+daemon_msg_endcap_req(uint8 ver, struct daemon_slpars *pars,
+    struct session *session)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        struct rpcap_header header;
 
        session_close(session);
 
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        struct rpcap_header header;
 
        session_close(session);
 
-       rpcap_createhdr(&header, pars->protocol_version,
-           RPCAP_MSG_ENDCAP_REPLY, 0, 0);
+       rpcap_createhdr(&header, ver, RPCAP_MSG_ENDCAP_REPLY, 0, 0);
 
        if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
        {
 
        if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof(struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
        {
@@ -1934,6 +2311,23 @@ daemon_msg_endcap_req(struct daemon_slpars *pars, struct session *session)
        return 0;
 }
 
        return 0;
 }
 
+//
+// We impose a limit on the filter program size, so that, on Windows,
+// where there's only one server process with multiple threads, it's
+// harder to eat all the server address space by sending larger filter
+// programs.  (This isn't an issue on UN*X, where there are multiple
+// server processes, one per client connection.)
+//
+// We pick a value that limits each filter to 64K; that value is twice
+// the in-kernel limit for Linux and 16 times the in-kernel limit for
+// *BSD and macOS.
+//
+// It also prevents an overflow on 32-bit platforms when calculating
+// the total size of the filter program.  (It's not an issue on 64-bit
+// platforms with a 64-bit size_t, as the filter size is 32 bits.)
+//
+#define RPCAP_BPF_MAXINSNS     8192
+
 static int
 daemon_unpackapplyfilter(SOCKET sockctrl, SSL *ctrl_ssl, struct session *session, uint32 *plenp, char *errmsgbuf)
 {
 static int
 daemon_unpackapplyfilter(SOCKET sockctrl, SSL *ctrl_ssl, struct session *session, uint32 *plenp, char *errmsgbuf)
 {
@@ -1959,10 +2353,17 @@ daemon_unpackapplyfilter(SOCKET sockctrl, SSL *ctrl_ssl, struct session *session
 
        if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF)
        {
 
        if (ntohs(filter.filtertype) != RPCAP_UPDATEFILTER_BPF)
        {
-               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported");
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Only BPF/NPF filters are currently supported");
                return -2;
        }
 
                return -2;
        }
 
+       if (bf_prog.bf_len > RPCAP_BPF_MAXINSNS)
+       {
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE,
+                   "Filter program is larger than the maximum size of %d instructions",
+                   RPCAP_BPF_MAXINSNS);
+               return -2;
+       }
        bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len);
        if (bf_insn == NULL)
        {
        bf_insn = (struct bpf_insn *) malloc (sizeof(struct bpf_insn) * bf_prog.bf_len);
        if (bf_insn == NULL)
        {
@@ -1999,13 +2400,13 @@ daemon_unpackapplyfilter(SOCKET sockctrl, SSL *ctrl_ssl, struct session *session
        //
        if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0)
        {
        //
        if (bpf_validate(bf_prog.bf_insns, bf_prog.bf_len) == 0)
        {
-               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions");
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "The filter contains bogus instructions");
                return -2;
        }
 
        if (pcap_setfilter(session->fp, &bf_prog))
        {
                return -2;
        }
 
        if (pcap_setfilter(session->fp, &bf_prog))
        {
-               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp));
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "RPCAP error: %s", pcap_geterr(session->fp));
                return -2;
        }
 
                return -2;
        }
 
@@ -2013,7 +2414,8 @@ daemon_unpackapplyfilter(SOCKET sockctrl, SSL *ctrl_ssl, struct session *session
 }
 
 static int
 }
 
 static int
-daemon_msg_updatefilter_req(struct daemon_slpars *pars, struct session *session, uint32 plen)
+daemon_msg_updatefilter_req(uint8 ver, struct daemon_slpars *pars,
+    struct session *session, uint32 plen)
 {
        char errbuf[PCAP_ERRBUF_SIZE];
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
 {
        char errbuf[PCAP_ERRBUF_SIZE];
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
@@ -2040,12 +2442,11 @@ daemon_msg_updatefilter_req(struct daemon_slpars *pars, struct session *session,
        }
 
        // A response is needed, otherwise the other host does not know that everything went well
        }
 
        // A response is needed, otherwise the other host does not know that everything went well
-       rpcap_createhdr(&header, pars->protocol_version,
-           RPCAP_MSG_UPDATEFILTER_REPLY, 0, 0);
+       rpcap_createhdr(&header, ver, RPCAP_MSG_UPDATEFILTER_REPLY, 0, 0);
 
 
-       if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), pcap_geterr(session->fp), PCAP_ERRBUF_SIZE))
+       if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE))
        {
        {
-               // That failed; log a messsage and give up.
+               // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        }
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        }
@@ -2057,8 +2458,8 @@ error:
        {
                return -1;
        }
        {
                return -1;
        }
-       rpcap_senderror(pars->sockctrl, pars->ssl, pars->protocol_version,
-           PCAP_ERR_UPDATEFILTER, errmsgbuf, NULL);
+       rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_UPDATEFILTER,
+           errmsgbuf, NULL);
 
        return 0;
 }
 
        return 0;
 }
@@ -2067,7 +2468,8 @@ error:
        \brief Received the sampling parameters from remote host and it stores in the pcap_t structure.
 */
 static int
        \brief Received the sampling parameters from remote host and it stores in the pcap_t structure.
 */
 static int
-daemon_msg_setsampling_req(struct daemon_slpars *pars, uint32 plen, struct rpcap_sampling *samp_param)
+daemon_msg_setsampling_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
+    struct rpcap_sampling *samp_param)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];
@@ -2090,12 +2492,11 @@ daemon_msg_setsampling_req(struct daemon_slpars *pars, uint32 plen, struct rpcap
        samp_param->value = ntohl(rpcap_samp.value);
 
        // A response is needed, otherwise the other host does not know that everything went well
        samp_param->value = ntohl(rpcap_samp.value);
 
        // A response is needed, otherwise the other host does not know that everything went well
-       rpcap_createhdr(&header, pars->protocol_version,
-           RPCAP_MSG_SETSAMPLING_REPLY, 0, 0);
+       rpcap_createhdr(&header, ver, RPCAP_MSG_SETSAMPLING_REPLY, 0, 0);
 
        if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
        {
 
        if (sock_send(pars->sockctrl, pars->ssl, (char *) &header, sizeof (struct rpcap_header), errbuf, PCAP_ERRBUF_SIZE) == -1)
        {
-               // That failed; log a messsage and give up.
+               // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        }
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
                return -1;
        }
@@ -2108,8 +2509,8 @@ daemon_msg_setsampling_req(struct daemon_slpars *pars, uint32 plen, struct rpcap
        return 0;
 
 error:
        return 0;
 
 error:
-       if (rpcap_senderror(pars->sockctrl, pars->ssl, pars->protocol_version,
-           PCAP_ERR_AUTH, errmsgbuf, errbuf) == -1)
+       if (rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_SETSAMPLING,
+           errmsgbuf, errbuf) == -1)
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
        {
                // That failed; log a message and give up.
                rpcapd_log(LOGPRIO_ERROR, "Send to client failed: %s", errbuf);
@@ -2126,7 +2527,9 @@ error:
 }
 
 static int
 }
 
 static int
-daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32 plen, struct pcap_stat *stats, unsigned int svrcapt)
+daemon_msg_stats_req(uint8 ver, struct daemon_slpars *pars,
+    struct session *session, uint32 plen, struct pcap_stat *stats,
+    unsigned int svrcapt)
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
 {
        char errbuf[PCAP_ERRBUF_SIZE];          // buffer for network errors
        char errmsgbuf[PCAP_ERRBUF_SIZE];       // buffer for errors to send to the client
@@ -2145,7 +2548,7 @@ daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32
            &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
            &sendbufidx, RPCAP_NETBUF_SIZE, SOCKBUF_CHECKONLY, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
                goto error;
 
-       rpcap_createhdr((struct rpcap_header *) sendbuf, pars->protocol_version,
+       rpcap_createhdr((struct rpcap_header *) sendbuf, ver,
            RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats));
 
        netstats = (struct rpcap_stats *) &sendbuf[sendbufidx];
            RPCAP_MSG_STATS_REPLY, 0, (uint16) sizeof(struct rpcap_stats));
 
        netstats = (struct rpcap_stats *) &sendbuf[sendbufidx];
@@ -2158,7 +2561,7 @@ daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32
        {
                if (pcap_stats(session->fp, stats) == -1)
                {
        {
                if (pcap_stats(session->fp, stats) == -1)
                {
-                       pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s", pcap_geterr(session->fp));
+                       snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "%s", pcap_geterr(session->fp));
                        goto error;
                }
 
                        goto error;
                }
 
@@ -2188,8 +2591,8 @@ daemon_msg_stats_req(struct daemon_slpars *pars, struct session *session, uint32
        return 0;
 
 error:
        return 0;
 
 error:
-       rpcap_senderror(pars->sockctrl, pars->ssl, pars->protocol_version,
-           PCAP_ERR_GETSTATS, errmsgbuf, NULL);
+       rpcap_senderror(pars->sockctrl, pars->ssl, ver, PCAP_ERR_GETSTATS,
+           errmsgbuf, NULL);
        return 0;
 }
 
        return 0;
 }
 
@@ -2280,7 +2683,7 @@ daemon_thrdatamain(void *ptr)
        //
        sigemptyset(&sigusr1);
        sigaddset(&sigusr1, SIGUSR1);
        //
        sigemptyset(&sigusr1);
        sigaddset(&sigusr1, SIGUSR1);
-       sigprocmask(SIG_BLOCK, &sigusr1, NULL);
+       pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
 #endif
 
        // Retrieve the packets
 #endif
 
        // Retrieve the packets
@@ -2290,14 +2693,14 @@ daemon_thrdatamain(void *ptr)
                //
                // Unblock SIGUSR1 while we might be waiting for packets.
                //
                //
                // Unblock SIGUSR1 while we might be waiting for packets.
                //
-               sigprocmask(SIG_UNBLOCK, &sigusr1, NULL);
+               pthread_sigmask(SIG_UNBLOCK, &sigusr1, NULL);
 #endif
                retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data);   // cast to avoid a compiler warning
 #ifndef _WIN32
                //
                // Now block it again.
                //
 #endif
                retval = pcap_next_ex(session->fp, &pkt_header, (const u_char **) &pkt_data);   // cast to avoid a compiler warning
 #ifndef _WIN32
                //
                // Now block it again.
                //
-               sigprocmask(SIG_BLOCK, &sigusr1, NULL);
+               pthread_sigmask(SIG_BLOCK, &sigusr1, NULL);
 #endif
                if (retval < 0)
                        break;          // error
 #endif
                if (retval < 0)
                        break;          // error
@@ -2389,7 +2792,7 @@ daemon_thrdatamain(void *ptr)
                // The latter just means that the client told us to stop
                // capturing, so there's no error to report.
                //
                // The latter just means that the client told us to stop
                // capturing, so there's no error to report.
                //
-               pcap_snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp));
+               snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error reading the packets: %s", pcap_geterr(session->fp));
                rpcap_senderror(session->sockctrl, session->ctrl_ssl, session->protocol_version,
                    PCAP_ERR_READEX, errbuf, NULL);
        }
                rpcap_senderror(session->sockctrl, session->ctrl_ssl, session->protocol_version,
                    PCAP_ERR_READEX, errbuf, NULL);
        }
@@ -2438,19 +2841,25 @@ daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *socka
        if (sockaddrin == NULL) return;
 
        // Warning: we support only AF_INET and AF_INET6
        if (sockaddrin == NULL) return;
 
        // Warning: we support only AF_INET and AF_INET6
+       //
+       // Note: as noted above, the output structures are not
+       // neatly aligned on 4-byte boundaries, so we must fill
+       // in an aligned structure and then copy it to the output
+       // buffer with memcpy().
        switch (sockaddrin->ss_family)
        {
        case AF_INET:
                {
                struct sockaddr_in *sockaddrin_ipv4;
        switch (sockaddrin->ss_family)
        {
        case AF_INET:
                {
                struct sockaddr_in *sockaddrin_ipv4;
-               struct rpcap_sockaddr_in *sockaddrout_ipv4;
+               struct rpcap_sockaddr_in sockaddrout_ipv4;
 
                sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin;
 
                sockaddrin_ipv4 = (struct sockaddr_in *) sockaddrin;
-               sockaddrout_ipv4 = (struct rpcap_sockaddr_in *) sockaddrout;
-               sockaddrout_ipv4->family = htons(RPCAP_AF_INET);
-               sockaddrout_ipv4->port = htons(sockaddrin_ipv4->sin_port);
-               memcpy(&sockaddrout_ipv4->addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4->addr));
-               memset(sockaddrout_ipv4->zero, 0, sizeof(sockaddrout_ipv4->zero));
+
+               sockaddrout_ipv4.family = htons(RPCAP_AF_INET);
+               sockaddrout_ipv4.port = htons(sockaddrin_ipv4->sin_port);
+               memcpy(&sockaddrout_ipv4.addr, &sockaddrin_ipv4->sin_addr, sizeof(sockaddrout_ipv4.addr));
+               memset(sockaddrout_ipv4.zero, 0, sizeof(sockaddrout_ipv4.zero));
+               memcpy(sockaddrout, &sockaddrout_ipv4, sizeof(struct rpcap_sockaddr_in));
                break;
                }
 
                break;
                }
 
@@ -2458,15 +2867,16 @@ daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *socka
        case AF_INET6:
                {
                struct sockaddr_in6 *sockaddrin_ipv6;
        case AF_INET6:
                {
                struct sockaddr_in6 *sockaddrin_ipv6;
-               struct rpcap_sockaddr_in6 *sockaddrout_ipv6;
+               struct rpcap_sockaddr_in6 sockaddrout_ipv6;
 
                sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin;
 
                sockaddrin_ipv6 = (struct sockaddr_in6 *) sockaddrin;
-               sockaddrout_ipv6 = (struct rpcap_sockaddr_in6 *) sockaddrout;
-               sockaddrout_ipv6->family = htons(RPCAP_AF_INET6);
-               sockaddrout_ipv6->port = htons(sockaddrin_ipv6->sin6_port);
-               sockaddrout_ipv6->flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo);
-               memcpy(&sockaddrout_ipv6->addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6->addr));
-               sockaddrout_ipv6->scope_id = htonl(sockaddrin_ipv6->sin6_scope_id);
+
+               sockaddrout_ipv6.family = htons(RPCAP_AF_INET6);
+               sockaddrout_ipv6.port = htons(sockaddrin_ipv6->sin6_port);
+               sockaddrout_ipv6.flowinfo = htonl(sockaddrin_ipv6->sin6_flowinfo);
+               memcpy(&sockaddrout_ipv6.addr, &sockaddrin_ipv6->sin6_addr, sizeof(sockaddrout_ipv6.addr));
+               sockaddrout_ipv6.scope_id = htonl(sockaddrin_ipv6->sin6_scope_id);
+               memcpy(sockaddrout, &sockaddrout_ipv6, sizeof(struct rpcap_sockaddr_in6));
                break;
                }
 #endif
                break;
                }
 #endif
@@ -2479,6 +2889,7 @@ daemon_seraddr(struct sockaddr_storage *sockaddrin, struct rpcap_sockaddr *socka
 */
 void sleep_secs(int secs)
 {
 */
 void sleep_secs(int secs)
 {
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 #ifdef _WIN32
        Sleep(secs*1000);
 #else
 #ifdef _WIN32
        Sleep(secs*1000);
 #else
@@ -2490,6 +2901,7 @@ void sleep_secs(int secs)
        while (secs_remaining != 0)
                secs_remaining = sleep(secs_remaining);
 #endif
        while (secs_remaining != 0)
                secs_remaining = sleep(secs_remaining);
 #endif
+#endif
 }
 
 /*
 }
 
 /*
@@ -2536,7 +2948,7 @@ rpcapd_recv(SOCKET sock, SSL *ssl, char *buffer, size_t toread, uint32 *plen, ch
        if (toread > *plen)
        {
                // Tell the client and continue.
        if (toread > *plen)
        {
                // Tell the client and continue.
-               pcap_snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
+               snprintf(errmsgbuf, PCAP_ERRBUF_SIZE, "Message payload is too short");
                return -2;
        }
        nread = sock_recv(sock, ssl, buffer, toread,
                return -2;
        }
        nread = sock_recv(sock, ssl, buffer, toread,
@@ -2623,7 +3035,7 @@ static void session_close(struct session *session)
                //
                CloseHandle(session->thread);
                session->have_thread = 0;
                //
                CloseHandle(session->thread);
                session->have_thread = 0;
-               session->thread = INVALID_HANDLE;
+               session->thread = INVALID_HANDLE_VALUE;
 #else
                //
                // Send a SIGUSR1 signal to the thread, so that, if
 #else
                //
                // Send a SIGUSR1 signal to the thread, so that, if
@@ -2649,7 +3061,9 @@ static void session_close(struct session *session)
 #ifdef HAVE_OPENSSL
        if (session->data_ssl)
        {
 #ifdef HAVE_OPENSSL
        if (session->data_ssl)
        {
-               SSL_free(session->data_ssl); // Must happen *before* the socket is closed
+               // Finish using the SSL handle for the socket.
+               // This must be done *before* the socket is closed.
+               ssl_finish(session->data_ssl);
                session->data_ssl = NULL;
        }
 #endif
                session->data_ssl = NULL;
        }
 #endif
@@ -2666,3 +3080,67 @@ static void session_close(struct session *session)
                session->fp = NULL;
        }
 }
                session->fp = NULL;
        }
 }
+
+//
+// Check whether a capture source string is a URL or not.
+// This includes URLs that refer to a local device; a scheme, followed
+// by ://, followed by *another* scheme and ://, is just silly, and
+// anybody who supplies that will get an error.
+//
+static int
+is_url(const char *source)
+{
+       char *colonp;
+
+       /*
+        * RFC 3986 says:
+        *
+        *   URI         = scheme ":" hier-part [ "?" query ] [ "#" fragment ]
+        *
+        *   hier-part   = "//" authority path-abempty
+        *               / path-absolute
+        *               / path-rootless
+        *               / path-empty
+        *
+        *   authority   = [ userinfo "@" ] host [ ":" port ]
+        *
+        *   userinfo    = *( unreserved / pct-encoded / sub-delims / ":" )
+        *
+        * Step 1: look for the ":" at the end of the scheme.
+        * A colon in the source is *NOT* sufficient to indicate that
+        * this is a URL, as interface names on some platforms might
+        * include colons (e.g., I think some Solaris interfaces
+        * might).
+        */
+       colonp = strchr(source, ':');
+       if (colonp == NULL)
+       {
+               /*
+                * The source is the device to open.  It's not a URL.
+                */
+               return (0);
+       }
+
+       /*
+        * All schemes must have "//" after them, i.e. we only support
+        * hier-part   = "//" authority path-abempty, not
+        * hier-part   = path-absolute
+        * hier-part   = path-rootless
+        * hier-part   = path-empty
+        *
+        * We need that in order to distinguish between a local device
+        * name that happens to contain a colon and a URI.
+        */
+       if (strncmp(colonp + 1, "//", 2) != 0)
+       {
+               /*
+                * The source is the device to open.  It's not a URL.
+                */
+               return (0);
+       }
+
+       /*
+        * It's a URL.
+        */
+       return (1);
+}
[mirror] the LIBpcap interface to various kernel packet capture mechanism