Make sure no read routine process more than INT_MAX packets.

Some read routines don't read a single bufferful of packets and process
just those packets; if packets continue to be made available, they could
conceivably process an arbitrary number of packets.

That would mean that the packet count overflows; either that makes it
look like a negative number, making it look as if an error occurred, or
makes it look like a too-small positive number.

This can't be fixed by making the count 64-bit, as it ultimately gets
returned by pcap_dispatch(), which is defined to return an int.

Instead, if the maximum packet count argument to those routines is a
value that means "no maximum", we set the maximum to INT_MAX.  Those
routines are *not* defined to loop forever, so this isn't an issue.

This should fix issue #1087.

1 files changed, 3 insertions, 0 deletions

diff --git a/pcap-airpcap.c b/pcap-airpcap.c
index d986ad9c..510e4c4e 100644
--- a/pcap-airpcap.c
+++ b/pcap-airpcap.c
@@ -627,6 +627,9 @@ airpcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user)
 
 	/*
 	 * Loop through each packet.
+	 *
+	 * This assumes that a single buffer of packets will have
+	 * <= INT_MAX packets, so the packet count doesn't overflow.
 	 */
 #define bhp ((AirpcapBpfHeader *)bp)
 	n = 0;