author | Tobias Klauser <tklauser@distanz.ch> | 2014-04-30 13:32:08 +0200 |
---|---|---|
committer | Tobias Klauser <tklauser@distanz.ch> | 2014-04-30 13:32:08 +0200 |
commit | f4821f92614bafaaee01721b3a5ffc29fe2f5365 (patch) | |
tree | 87b71ab410183ad1497e7cf6798aa7b3dc72dba3 /netsniff-ng.c | |
parent | 190dc7879a1a8813f2332ee7b39b743a49ac2771 (diff) |
ring: Consistently use size_t to specify ring size
The mm_len member of struct ring is of type size_t, but in the code
paths leading to set it, unsigned int is used. In circumstances where
unsigned int is 32 bit and size_t is 64 bit, this could lead to an
integer overflow, which causes an improper ring size being mmap()'ed in
mmap_ring_generic().
In order to prevent this, consistently use size_t to store the ring
size, since this is also what mmap() takes as its `length' parameter.
This now allows to specify ring sizes larger than 4 GiB for both
netsniff-ng and trafgen (fixes #90).
Reported-by: Jon Schipp <jonschipp@gmail.com>
Reported-by: Michał Purzyński <michalpurzynski1@gmail.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Diffstat (limited to 'netsniff-ng.c')
-rw-r--r-- | netsniff-ng.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/netsniff-ng.c b/netsniff-ng.c index ab3d53f..a994299 100644 --- a/netsniff-ng.c +++ b/netsniff-ng.c @@ -55,7 +55,8 @@ enum dump_mode { struct ctx { char *device_in, *device_out, *device_trans, *filter, *prefix; int cpu, rfraw, dump, print_mode, dump_dir, packet_type, verbose; - unsigned long kpull, dump_interval, reserve_size, tx_bytes, tx_packets; + unsigned long kpull, dump_interval, tx_bytes, tx_packets; + size_t reserve_size; bool randomize, promiscuous, enforce, jumbo, dump_bpf; enum pcap_ops_groups pcap; enum dump_mode dump_mode; uid_t uid; gid_t gid; uint32_t link_type, magic; @@ -170,7 +171,8 @@ static void pcap_to_xmit(struct ctx *ctx) { uint8_t *out = NULL; int irq, ifindex, fd = 0, ret; - unsigned int size, it = 0; + size_t size; + unsigned int it = 0; unsigned long trunced = 0; struct ring tx_ring; struct frame_map *hdr; @@ -344,7 +346,8 @@ static void receive_to_xmit(struct ctx *ctx) short ifflags = 0; uint8_t *in, *out; int rx_sock, ifindex_in, ifindex_out, ret; - unsigned int size_in, size_out, it_in = 0, it_out = 0; + size_t size_in, size_out; + unsigned int it_in = 0, it_out = 0; unsigned long frame_count = 0; struct frame_map *hdr_in, *hdr_out; struct ring tx_ring, rx_ring; @@ -879,7 +882,8 @@ static void recv_only_or_dump(struct ctx *ctx) { short ifflags = 0; int sock, irq, ifindex, fd = 0, ret; - unsigned int size, it = 0; + size_t size; + unsigned int it = 0; struct ring rx_ring; struct pollfd rx_poll; struct sock_fprog bpf_ops; |
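Review bot: The new `size_t reserve_size;` member in struct ctx only fixes the storage type. The code that parses the option and scales it into bytes is outside this hunk; if it still passes through an `unsigned int` or multiplies without a bound check, the value can wrap before it reaches this field. On 32-bit builds size_t is itself 32 bits, so a request above 4 GiB should be rejected explicitly (a comparison against `SIZE_MAX` before the multiply) rather than silently truncated. Any format string that prints reserve_size should use `%zu`, and a comment on the field such as `/* ring size in bytes; size_t to match mmap() length */` would record why it was split from the unsigned long group.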
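Review bot: In pcap_to_xmit() `size` becomes size_t while the iterator `it` stays `unsigned int`, and the same split is made in receive_to_xmit() (`it_in`, `it_out`) and recv_only_or_dump(). The function bodies are outside these hunks, so it is worth confirming that nothing there multiplies an iterator by a frame size, or compares it with a byte count, in 32-bit arithmetic. Every callee that carries `size` on the way to mmap_ring_generic() must also take size_t, otherwise the truncation described in the commit message only moves one call further down. Building with `-Wconversion` would surface any narrowing that remains.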