SFLOW: Fix bounds checking

[tcpdump] / tcpdump.c

diff --git a/tcpdump.c b/tcpdump.c
index 1ad22927f7807c9935d4d74599281c7c2606c517..2b71d27deb171d8d9d35746fa9a5276065287b07 100644 (file)
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -607,6 +607,15 @@ show_devices_and_exit (void)
  *
  * OS X tcpdump uses -P to indicate that -w should write pcap-ng rather
  * than pcap files.
+ *
+ * OS X tcpdump also uses -Q to specify expressions that match packet
+ * metadata, including but not limited to the packet direction.
+ * The expression syntax is different from a simple "in|out|inout",
+ * and those expressions aren't accepted by OS X tcpdump, but the
+ * equivalents would be "in" = "dir=in", "out" = "dir=out", and
+ * "inout" = "dir=in or dir=out", and the parser could conceivably
+ * special-case "in", "out", and "inout" as expressions for backwards
+ * compatibility, so all is not (yet) lost.
  */
 
 /*
@@ -655,6 +664,8 @@ show_devices_and_exit (void)
 #define Q_FLAG
 #endif
 
+#define SHORTOPTS "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#"
+
 /*
  * Long options.
  *
@@ -969,8 +980,9 @@ tstamp_precision_to_string(int precision)
  *        what the standard I/O library happens to require this week.
  */
 static void
-set_dump_fd_capsicum_rights(int fd)
+set_dumper_capsicum_rights(pcap_dumper_t *p)
 {
+       int fd = fileno(pcap_dump_file(p));
        cap_rights_t rights;
 
        cap_rights_init(&rights, CAP_SEEK, CAP_WRITE, CAP_FCNTL);
@@ -1061,7 +1073,7 @@ main(int argc, char **argv)
 #endif
 
        while (
-           (op = getopt_long(argc, argv, "aAb" B_FLAG "c:C:d" D_FLAG "eE:fF:G:hHi:" I_FLAG j_FLAG J_FLAG "KlLm:M:nNOpq" Q_FLAG "r:Rs:StT:u" U_FLAG "vV:w:W:xXy:Yz:Z:#", longopts, NULL)) != -1)
+           (op = getopt_long(argc, argv, SHORTOPTS, longopts, NULL)) != -1)
                switch (op) {
 
                case 'a':
@@ -1883,7 +1895,7 @@ main(int argc, char **argv)
                if (p == NULL)
                        error("%s", pcap_geterr(pd));
 #ifdef HAVE_CAPSICUM
-               set_dump_fd_capsicum_rights(fileno(pcap_dump_file(p)));
+               set_dumper_capsicum_rights(p);
 #endif
                if (Cflag != 0 || Gflag != 0) {
 #ifdef HAVE_CAPSICUM
@@ -2208,9 +2220,6 @@ static void
 dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *sp)
 {
        struct dump_info *dump_info;
-#ifdef HAVE_CAPSICUM
-       cap_rights_t rights;
-#endif
 
        ++packets_captured;
 
@@ -2321,7 +2330,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
                        if (dump_info->p == NULL)
                                error("%s", pcap_geterr(pd));
 #ifdef HAVE_CAPSICUM
-                       set_dump_fd_capsicum_rights(pcap_dump_file(dump_info->p)));
+                       set_dumper_capsicum_rights(dump_info->p);
 #endif
                }
        }
@@ -2392,7 +2401,7 @@ dump_packet_and_trunc(u_char *user, const struct pcap_pkthdr *h, const u_char *s
                        if (dump_info->p == NULL)
                                error("%s", pcap_geterr(pd));
 #ifdef HAVE_CAPSICUM
-                       set_dump_fd_capsicum_rights(fileno(pcap_dump_file(dump_info->p)));
+                       set_dumper_capsicum_rights(dump_info->p);
 #endif
                }
        }