pcap_open_dead() and pcap_fopen_offline() do not initialize the breakloop_op and can_set_rfmon_op callbacks, respectively.
If pcap_breakloop() is called after pcap_open_dead(), or pcap_can_set_rfmon() is called after pcap_fopen_offline(),
a NULL function pointer is called and the program crashes.
This commit adds two default implementations, pcap_breakloop_dead and sf_cant_set_rfmon, and uses them to initialize those two missing callbacks.
Signed-off-by: hopper-vul <[email protected]>
(cherry picked from commit
eae1a8597f0c88508b3f756c69daefc3dd814e99)
return (-1);
}
+static int
+pcap_breakloop_dead(pcap_t *p)
+{
+ snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
+ "A breakloop cannot be set on a pcap_open_dead pcap_t");
+ return (-1);
+}
+
static int
pcap_inject_dead(pcap_t *p, const void *buf _U_, int size _U_)
{
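Review bot: pcap_breakloop_dead (added just above pcap_inject_dead) returns -1 and writes p->errbuf, but the public pcap_breakloop() is declared `void`, so no caller can see the -1 or know that errbuf now holds a message. If breakloop_op is also typed as returning void (its typedef is not shown on this page), storing an `int`-returning function in it at `p->breakloop_op = pcap_breakloop_dead;` is an incompatible-pointer assignment, and calling through it is undefined behaviour in C. A dead handle has no capture loop to interrupt, so a no-op that matches the callback's type is enough: `static void pcap_breakloop_dead(pcap_t *p _U_) { }`, with a comment saying why nothing needs doing.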
p->live_dump_ended_op = pcap_live_dump_ended_dead;
p->get_airpcap_handle_op = pcap_get_airpcap_handle_dead;
#endif
+ p->breakloop_op = pcap_breakloop_dead;
p->cleanup_op = pcap_cleanup_dead;
/*
return (-1);
}
+static int
+sf_cant_set_rfmon(pcap_t *p _U_)
+{
+ /*
+ * This is a savefile, not a live capture file, so never say
+ * it's monitor mode.
+ */
+ return (0);
+}
+
static int
sf_stats(pcap_t *p, struct pcap_stat *ps _U_)
{
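Review bot: The comment inside sf_cant_set_rfmon says a savefile should "never say it's monitor mode", but the callback answers whether monitor mode can be set, not whether it is active, so the wording should match what the return value means. Suggested text: `/* This is a savefile, not a live capture device, so monitor mode can never be set on it. */`. A one-line header comment stating that the 0 return means "monitor mode cannot be set" would also help, since the function name (`cant`) differs by one letter from the callback it fills (`can_set_rfmon_op`).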
p->selectable_fd = fileno(fp);
#endif
+ p->can_set_rfmon_op = sf_cant_set_rfmon;
p->read_op = pcap_offline_read;
p->inject_op = sf_inject;
p->setfilter_op = install_bpf_program;
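Review bot: Nothing in this commit pins the two fixes with a test, although both crashes are reachable through ordinary public API calls on a valid handle. A small regression test would cover it, e.g. `pcap_t *p = pcap_open_dead(DLT_EN10MB, 65535); pcap_breakloop(p); pcap_close(p);` plus the equivalent pcap_can_set_rfmon() call on a handle from pcap_fopen_offline(). The assignment sits in a function whose start and end are outside this hunk, so whether other `*_op` pointers are still left NULL on this path cannot be checked from here; they are worth auditing in the same pass.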