From: Guy Harris <guy@alum.mit.edu>
Date: Mon, 3 Oct 2016 06:39:51 +0000 (-0700)
Subject: Fix handling of packet count in the TPACKET_V3 inner loop.
X-Git-Tag: libpcap-1.8.1~14
X-Git-Url: https://git.tcpdump.org/libpcap/commitdiff_plain/6a2d4ff6d92a4d7b7abf22939c89449040837fa8

Fix handling of packet count in the TPACKET_V3 inner loop.

If we were told to process no more than N packets, and we've already
processed M packets so far, we should process no more than N-M packets
in a buffer; if we stop at N rather than N-M, we could end up processing
more than N packets in a pcap_dispatch() call.

Fixes GitHub issue #493.
---

diff --git a/pcap-linux.c b/pcap-linux.c
index f1ce0c61..b51f5e50 100644
--- a/pcap-linux.c
+++ b/pcap-linux.c
@@ -5082,11 +5082,18 @@ again:
 		}
 		packets_to_read = handlep->packets_left;
 
-		if (!PACKET_COUNT_IS_UNLIMITED(max_packets) && packets_to_read > max_packets) {
-			packets_to_read = max_packets;
+		if (!PACKET_COUNT_IS_UNLIMITED(max_packets) &&
+		    packets_to_read > (max_packets - pkts)) {
+			/*
+			 * We've been given a maximum number of packets
+			 * to process, and there are more packets in
+			 * this buffer than that.  Only process enough
+			 * of them to get us up to that maximum.
+			 */
+			packets_to_read = max_packets - pkts;
 		}
 
-		while(packets_to_read--) {
+		while (packets_to_read--) {
 			struct tpacket3_hdr* tp3_hdr = (struct tpacket3_hdr*) handlep->current_packet;
 			ret = pcap_handle_packet_mmap(
 					handle,