-rw-r--r-- | aclocal.m4 | 1 | ||||
-rw-r--r-- | bpf/net/bpf_filter.c | 4 | ||||
-rwxr-xr-x | configure | 43 | ||||
-rw-r--r-- | gencode.c | 67 | ||||
-rw-r--r-- | grammar.y | 2 | ||||
-rw-r--r-- | optimize.c | 8 | ||||
-rw-r--r-- | pcap-bpf.c | 4 | ||||
-rw-r--r-- | pcap-int.h | 4 | ||||
-rw-r--r-- | pcap.c | 45 | ||||
-rw-r--r-- | sf-pcap-ng.c | 4 | ||||
-rw-r--r-- | sf-pcap.c | 4 |
11 files changed, 134 insertions, 52 deletions
@@ -926,6 +926,7 @@ AC_DEFUN(AC_LBL_DEVEL, if test "$ac_lbl_cc_dont_try_gcc_dashW" != yes; then AC_LBL_CHECK_UNKNOWN_WARNING_OPTION_ERROR() AC_LBL_CHECK_COMPILER_OPT($1, -Wall) + AC_LBL_CHECK_COMPILER_OPT($1, -Wsign-compare) AC_LBL_CHECK_COMPILER_OPT($1, -Wmissing-prototypes) AC_LBL_CHECK_COMPILER_OPT($1, -Wstrict-prototypes) AC_LBL_CHECK_COMPILER_OPT($1, -Wdeclaration-after-statement) diff --git a/bpf/net/bpf_filter.c b/bpf/net/bpf_filter.c index c6660877..1ce22f4c 100644 --- a/bpf/net/bpf_filter.c +++ b/bpf/net/bpf_filter.c @@ -734,7 +734,7 @@ bpf_validate(f, len) #if defined(KERNEL) || defined(_KERNEL) if (from + p->k < from || from + p->k >= len) #else - if (from + p->k >= len) + if (from + p->k >= (u_int)len) #endif return 0; break; @@ -742,7 +742,7 @@ bpf_validate(f, len) case BPF_JGT: case BPF_JGE: case BPF_JSET: - if (from + p->jt >= len || from + p->jf >= len) + if (from + p->jt >= (u_int)len || from + p->jf >= (u_int)len) return 0; break; default: 
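Review bot: In the non-kernel branch of the BPF_JA case in bpf_validate(), `from + p->k >= (u_int)len` still has no wraparound test, unlike the kernel branch directly above it, so (assuming `from` and `p->k` are unsigned, as the kernel test implies) a large `k` can wrap the sum below `len` and pass validation. The new `(u_int)len` casts, here and in the conditional-jump case of the next hunk, also turn a negative `len` into a very large bound; that is only safe if a non-positive `len` is rejected earlier in the function, which is outside these hunks. I would use one test for both builds, `if (from + p->k < from || from + p->k >= (u_int)len)`, and add a comment at the cast saying where `len > 0` is established.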
@@ -7793,6 +7793,49 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports the -Wsign-compare option" >&5 +$as_echo_n "checking whether the compiler supports the -Wsign-compare option... " >&6; } + save_CFLAGS="$CFLAGS" + if expr "x-Wsign-compare" : "x-W.*" >/dev/null + then + CFLAGS="$CFLAGS $ac_lbl_unknown_warning_option_error -Wsign-compare" + elif expr "x-Wsign-compare" : "x-f.*" >/dev/null + then + CFLAGS="$CFLAGS -Werror -Wsign-compare" + elif expr "x-Wsign-compare" : "x-m.*" >/dev/null + then + CFLAGS="$CFLAGS -Werror -Wsign-compare" + else + CFLAGS="$CFLAGS -Wsign-compare" + fi + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +return 0 + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + CFLAGS="$save_CFLAGS" + V_CCOPT="$V_CCOPT -Wsign-compare" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CFLAGS="$save_CFLAGS" + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports the -Wmissing-prototypes option" >&5 $as_echo_n "checking whether the compiler supports the -Wmissing-prototypes option... " >&6; } save_CFLAGS="$CFLAGS" @@ -194,6 +194,11 @@ struct addrinfo { } /* + * Offset "not set" value. + */ +#define OFFSET_NOT_SET 0xffffffffU + +/* * Absolute offsets, which are offsets from the beginning of the raw * packet data, are, in the general case, the sum of a variable value * and a constant value; the variable value may be absent, in which 
@@ -335,8 +340,8 @@ struct _compiler_state { * * For Linux cooked sockets, it's the offset of the type field. * - * off_linktype.constant_part is set to -1 for no encapsulation, - * in which case, IP is assumed. + * off_linktype.constant_part is set to OFFSET_NOT_SET for no + * encapsulation, in which case, IP is assumed. */ bpf_abs_offset off_linktype; @@ -1107,7 +1112,7 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) * SLIP doesn't have a link level type. The 16 byte * header is hacked into our SLIP driver. */ - cstate->off_linktype.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; cstate->off_linkpl.constant_part = 16; cstate->off_nl = 0; cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ @@ -1115,7 +1120,7 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) case DLT_SLIP_BSDOS: /* XXX this may be the same as the DLT_PPP_BSDOS case */ - cstate->off_linktype.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* XXX end */ cstate->off_linkpl.constant_part = 24; cstate->off_nl = 0; @@ -1301,7 +1306,7 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) case DLT_RAW: case DLT_IPV4: case DLT_IPV6: - cstate->off_linktype.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; cstate->off_linkpl.constant_part = 0; cstate->off_nl = 0; cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ @@ -1320,7 +1325,7 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) * but really it just indicates whether there is a "short" or * "long" DDP packet following. */ - cstate->off_linktype.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; cstate->off_linkpl.constant_part = 0; cstate->off_nl = 0; cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 
@@ -1348,7 +1353,7 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) * XXX - we should set this to handle SNAP-encapsulated * frames (NLPID of 0x80). */ - cstate->off_linktype.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; cstate->off_linkpl.constant_part = 0; cstate->off_nl = 0; cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ @@ -1360,7 +1365,7 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) * so lets start with offset 4 for now and increments later on (FIXME); */ case DLT_MFR: - cstate->off_linktype.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; cstate->off_linkpl.constant_part = 0; cstate->off_nl = 4; cstate->off_nl_nosnap = 0; /* XXX - for now -> no 802.2 LLC */ @@ -1441,7 +1446,7 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) case DLT_JUNIPER_ES: cstate->off_linktype.constant_part = 6; - cstate->off_linkpl.constant_part = -1; /* not really a network layer but raw IP addresses */ + cstate->off_linkpl.constant_part = OFFSET_NOT_SET; /* not really a network layer but raw IP addresses */ cstate->off_nl = -1; /* not really a network layer but raw IP addresses */ cstate->off_nl_nosnap = -1; /* no 802.2 LLC */ break; 
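Review bot: The DLT_JUNIPER_ES case now writes OFFSET_NOT_SET to `off_linkpl.constant_part` but still assigns a bare `-1` to `off_nl` and `off_nl_nosnap` on the next two lines, so the "not set" convention is spelled two ways in the same block. The same mix remains in the later hunks for DLT_BACNET_MS_TP, the other DLT_JUNIPER_* cases, the three `off_sls` blocks and the DLT_MATCHING_MIN..DLT_MATCHING_MAX branch. If those two fields are unsigned (their declarations are not in the diff), the stored value is 0xffffffff and every reader depends on an implicit conversion that -Wsign-compare reports only at comparison sites, not at these assignments. Either use `cstate->off_nl = OFFSET_NOT_SET;` and `cstate->off_nl_nosnap = OFFSET_NOT_SET;`, or extend the comment on the define to say it applies only to `constant_part`. init_linktype() continues outside the hunk.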
@@ -1454,36 +1459,36 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) break; case DLT_BACNET_MS_TP: - cstate->off_linktype.constant_part = -1; - cstate->off_linkpl.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; + cstate->off_linkpl.constant_part = OFFSET_NOT_SET; cstate->off_nl = -1; cstate->off_nl_nosnap = -1; break; case DLT_JUNIPER_SERVICES: cstate->off_linktype.constant_part = 12; - cstate->off_linkpl.constant_part = -1; /* L3 proto location dep. on cookie type */ + cstate->off_linkpl.constant_part = OFFSET_NOT_SET; /* L3 proto location dep. on cookie type */ cstate->off_nl = -1; /* L3 proto location dep. on cookie type */ cstate->off_nl_nosnap = -1; /* no 802.2 LLC */ break; case DLT_JUNIPER_VP: cstate->off_linktype.constant_part = 18; - cstate->off_linkpl.constant_part = -1; + cstate->off_linkpl.constant_part = OFFSET_NOT_SET; cstate->off_nl = -1; cstate->off_nl_nosnap = -1; break; case DLT_JUNIPER_ST: cstate->off_linktype.constant_part = 18; - cstate->off_linkpl.constant_part = -1; + cstate->off_linkpl.constant_part = OFFSET_NOT_SET; cstate->off_nl = -1; cstate->off_nl_nosnap = -1; break; case DLT_JUNIPER_ISM: cstate->off_linktype.constant_part = 8; - cstate->off_linkpl.constant_part = -1; + cstate->off_linkpl.constant_part = OFFSET_NOT_SET; cstate->off_nl = -1; cstate->off_nl_nosnap = -1; break; @@ -1493,7 +1498,7 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) case DLT_JUNIPER_FIBRECHANNEL: case DLT_JUNIPER_ATM_CEMIC: cstate->off_linktype.constant_part = 8; - cstate->off_linkpl.constant_part = -1; + cstate->off_linkpl.constant_part = OFFSET_NOT_SET; cstate->off_nl = -1; cstate->off_nl_nosnap = -1; break; 
@@ -1505,8 +1510,8 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) cstate->off_opc = 4; cstate->off_dpc = 4; cstate->off_sls = 7; - cstate->off_linktype.constant_part = -1; - cstate->off_linkpl.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; + cstate->off_linkpl.constant_part = OFFSET_NOT_SET; cstate->off_nl = -1; cstate->off_nl_nosnap = -1; break; @@ -1518,8 +1523,8 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) cstate->off_opc = 8; cstate->off_dpc = 8; cstate->off_sls = 11; - cstate->off_linktype.constant_part = -1; - cstate->off_linkpl.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; + cstate->off_linkpl.constant_part = OFFSET_NOT_SET; cstate->off_nl = -1; cstate->off_nl_nosnap = -1; break; @@ -1531,14 +1536,14 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) cstate->off_opc = 24; cstate->off_dpc = 24; cstate->off_sls = 27; - cstate->off_linktype.constant_part = -1; - cstate->off_linkpl.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; + cstate->off_linkpl.constant_part = OFFSET_NOT_SET; cstate->off_nl = -1; cstate->off_nl_nosnap = -1; break; case DLT_PFSYNC: - cstate->off_linktype.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; cstate->off_linkpl.constant_part = 4; cstate->off_nl = 0; cstate->off_nl_nosnap = 0; @@ -1548,8 +1553,8 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) /* * Currently, only raw "link[N:M]" filtering is supported. */ - cstate->off_linktype.constant_part = -1; /* variable, min 15, max 71 steps of 7 */ - cstate->off_linkpl.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* variable, min 15, max 71 steps of 7 */ + cstate->off_linkpl.constant_part = OFFSET_NOT_SET; cstate->off_nl = -1; /* variable, min 16, max 71 steps of 7 */ cstate->off_nl_nosnap = -1; /* no 802.2 LLC */ break; 
@@ -1584,8 +1589,8 @@ init_linktype(compiler_state_t *cstate, pcap_t *p) */ if (cstate->linktype >= DLT_MATCHING_MIN && cstate->linktype <= DLT_MATCHING_MAX) { - cstate->off_linktype.constant_part = -1; - cstate->off_linkpl.constant_part = -1; + cstate->off_linktype.constant_part = OFFSET_NOT_SET; + cstate->off_linkpl.constant_part = OFFSET_NOT_SET; cstate->off_nl = -1; cstate->off_nl_nosnap = -1; } else { @@ -3428,9 +3433,9 @@ gen_linktype(compiler_state_t *cstate, int proto) * Does this link-layer header type have a field * indicating the type of the next protocol? If * so, off_linktype.constant_part will be the offset of that - * field in the packet; if not, it will be -1. + * field in the packet; if not, it will be OFFSET_NOT_SET. */ - if (cstate->off_linktype.constant_part != (u_int)-1) { + if (cstate->off_linktype.constant_part != OFFSET_NOT_SET) { /* * Yes; assume it's an Ethernet type. (If * it's not, it needs to be handled specially @@ -6248,7 +6253,7 @@ gen_scode(compiler_state_t *cstate, const char *name, struct qual q) if (alist == NULL || *alist == NULL) bpf_error(cstate, "unknown host '%s'", name); tproto = proto; - if (cstate->off_linktype.constant_part == (u_int)-1 && + if (cstate->off_linktype.constant_part == OFFSET_NOT_SET && tproto == Q_DEFAULT) tproto = Q_IP; b = gen_host(cstate, **alist++, 0xffffffff, tproto, dir, q.addr); @@ -6267,7 +6272,7 @@ gen_scode(compiler_state_t *cstate, const char *name, struct qual q) cstate->ai = res; b = tmp = NULL; tproto = tproto6 = proto; - if (cstate->off_linktype.constant_part == -1 && + if (cstate->off_linktype.constant_part == OFFSET_NOT_SET && tproto == Q_DEFAULT) { tproto = Q_IP; tproto6 = Q_IPV6; @@ -620,7 +620,7 @@ pllc: LLC { $$ = gen_llc(cstate); } else if (pcap_strcasecmp($2, "u") == 0) $$ = gen_llc_u(cstate); else { - u_int subtype; + int subtype; subtype = str2tok($2, llc_s_subtypes); if (subtype != -1) 
@@ -885,7 +885,7 @@ opt_peep(opt_state_t *opt_state, struct block *b) if (b->s.code == (BPF_JMP|BPF_K|BPF_JSET)) { if (b->s.k == 0) JT(b) = JF(b); - if (b->s.k == 0xffffffff) + if ((u_int)b->s.k == 0xffffffffU) JF(b) = JT(b); } /* @@ -913,11 +913,11 @@ opt_peep(opt_state_t *opt_state, struct block *b) break; case BPF_JGT: - v = (unsigned)v > b->s.k; + v = (unsigned)v > (unsigned)b->s.k; break; case BPF_JGE: - v = (unsigned)v >= b->s.k; + v = (unsigned)v >= (unsigned)b->s.k; break; case BPF_JSET: @@ -2046,7 +2046,7 @@ convert_code_r(compiler_state_t *cstate, conv_state_t *conv_state, dst = conv_state->ftail -= (slen + 1 + p->longjt + p->longjf); /* inflate length by any extra jumps */ - p->offset = dst - conv_state->fstart; + p->offset = (int)(dst - conv_state->fstart); /* generate offset[] for convenience */ if (slen) { @@ -2123,7 +2123,7 @@ pcap_activate_bpf(pcap_t *p) * the default mode, attempt to * select the new mode. */ - if (new_dlt != v) { + if ((u_int)new_dlt != v) { if (ioctl(p->fd, BIOCSDLT, &new_dlt) != -1) { /* @@ -2765,7 +2765,7 @@ static int find_802_11(struct bpf_dltlist *bdlp) { int new_dlt; - int i; + u_int i; /* * Scan the list of DLT_ values, looking for 802.11 values, @@ -110,7 +110,7 @@ extern "C" { struct pcap_opt { char *device; int timeout; /* timeout for buffering */ - int buffer_size; + u_int buffer_size; int promisc; int rfmon; /* monitor mode */ int immediate; /* immediate mode - deliver packets as soon as they arrive */ @@ -169,7 +169,7 @@ struct pcap { /* * Read buffer. */ - int bufsize; + u_int bufsize; void *buffer; u_char *bp; int cc; 
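Review bot: Changing `buffer_size` in struct pcap_opt and `bufsize` in struct pcap from `int` to `u_int` alters every use of those fields outside this diff: a `< 0` test becomes always false, and a negative or error value stored into them becomes a very large size. -Wsign-compare reports mixed comparisons but not such assignments, so the capture modules that compute `bufsize` and pass it to allocation or read calls need a manual audit, or one build with -Wsign-conversion. A comment on the option field such as `/* unsigned; 0 means use the platform's default */` would record the invariant next to the declaration. Both struct definitions continue outside the hunks.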
@@ -587,9 +587,9 @@ pcap_create_common(char *ebuf, size_t size) initialize_ops(p); /* put in some defaults*/ - pcap_set_snaplen(p, MAXIMUM_SNAPLEN); /* max packet size */ - p->opt.timeout = 0; /* no timeout specified */ - p->opt.buffer_size = 0; /* use the platform's default */ + p->snapshot = MAXIMUM_SNAPLEN; /* max packet size */ + p->opt.timeout = 0; /* no timeout specified */ + p->opt.buffer_size = 0; /* use the platform's default */ p->opt.promisc = 0; p->opt.rfmon = 0; p->opt.immediate = 0; @@ -620,6 +620,16 @@ pcap_set_snaplen(pcap_t *p, int snaplen) { if (pcap_check_activated(p)) return (PCAP_ERROR_ACTIVATED); + + /* + * Turn invalid values, or excessively large values, into + * the maximum allowed value. + * + * If some application really *needs* a bigger snapshot + * length, we should just increase MAXIMUM_SNAPLEN. + */ + if (snaplen <= 0 || snaplen > MAXIMUM_SNAPLEN) + snaplen = MAXIMUM_SNAPLEN; p->snapshot = snaplen; return (0); } @@ -660,6 +670,13 @@ pcap_set_tstamp_type(pcap_t *p, int tstamp_type) return (PCAP_ERROR_ACTIVATED); /* + * The argument should have been u_int, but that's too late + * to change now - it's an API. + */ + if (tstamp_type < 0) + return (PCAP_WARNING_TSTAMP_TYPE_NOTSUP); + + /* * If p->tstamp_type_count is 0, we only support PCAP_TSTAMP_HOST; * the default time stamp type is PCAP_TSTAMP_HOST. */ @@ -673,7 +690,7 @@ pcap_set_tstamp_type(pcap_t *p, int tstamp_type) * Check whether we claim to support this type of time stamp. */ for (i = 0; i < p->tstamp_type_count; i++) { - if (p->tstamp_type_list[i] == tstamp_type) { + if (p->tstamp_type_list[i] == (u_int)tstamp_type) { /* * Yes. */ @@ -703,6 +720,12 @@ pcap_set_buffer_size(pcap_t *p, int buffer_size) { if (pcap_check_activated(p)) return (PCAP_ERROR_ACTIVATED); + if (buffer_size <= 0) { + /* + * Silently ignore invalid values. + */ + return (0); + } p->opt.buffer_size = buffer_size; return (0); } 
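Review bot: pcap_set_buffer_size() now returns 0 for `buffer_size <= 0` without storing anything, so a caller cannot tell an accepted size from an ignored one. pcap_set_snaplen() in the earlier hunk does the same by silently replacing an out-of-range `snaplen` with MAXIMUM_SNAPLEN. Since the return codes are API, this should at least be stated in the function comment and the documentation, e.g. `/* buffer_size <= 0 is ignored and the previous setting is kept; 0 is still returned */`. A non-positive snaplen request also ends up as the largest capture length rather than the smallest, which is worth stating beside the clamp for callers that size their own buffers from the value they passed in.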
@@ -716,6 +739,13 @@ pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision) return (PCAP_ERROR_ACTIVATED); /* + * The argument should have been u_int, but that's too late + * to change now - it's an API. + */ + if (tstamp_precision < 0) + return (PCAP_ERROR_TSTAMP_PRECISION_NOTSUP); + + /* * If p->tstamp_precision_count is 0, we only support setting * the time stamp precision to microsecond precision; every * pcap module *MUST* support microsecond precision, even if @@ -733,7 +763,7 @@ pcap_set_tstamp_precision(pcap_t *p, int tstamp_precision) * time stamp. */ for (i = 0; i < p->tstamp_precision_count; i++) { - if (p->tstamp_precision_list[i] == tstamp_precision) { + if (p->tstamp_precision_list[i] == (u_int)tstamp_precision) { /* * Yes. */ @@ -973,6 +1003,9 @@ pcap_set_datalink(pcap_t *p, int dlt) int i; const char *dlt_name; + if (dlt < 0) + goto unsupported; + if (p->dlt_count == 0 || p->set_datalink_op == NULL) { /* * We couldn't fetch the list of DLTs, or we don't @@ -990,7 +1023,7 @@ pcap_set_datalink(pcap_t *p, int dlt) return (0); } for (i = 0; i < p->dlt_count; i++) - if (p->dlt_list[i] == dlt) + if (p->dlt_list[i] == (u_int)dlt) break; if (i >= p->dlt_count) goto unsupported; diff --git a/sf-pcap-ng.c b/sf-pcap-ng.c index ea44da91..c9b282ac 100644 --- a/sf-pcap-ng.c +++ b/sf-pcap-ng.c @@ -1107,7 +1107,7 @@ pcap_ng_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char **data) * and the packet length. */ hdr->caplen = hdr->len; - if (hdr->caplen > p->snapshot) + if (hdr->caplen > (bpf_u_int32)p->snapshot) hdr->caplen = p->snapshot; t = 0; /* no time stamps */ goto found; @@ -1173,7 +1173,7 @@ pcap_ng_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char **data) idbp->linktype); return (-1); } - if (p->snapshot != idbp->snaplen) { + if ((bpf_u_int32)p->snapshot != idbp->snaplen) { pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "an interface has a snapshot length %u different from the type of the first interface", idbp->snaplen); 
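Review bot: In pcap_ng_next_packet(), `hdr->caplen > (bpf_u_int32)p->snapshot` bounds `caplen` only when `p->snapshot` is positive. A negative `snapshot` becomes a value above 0x7fffffff after the cast, so the clamp on the next line never fires. The range check this commit adds lives in pcap_set_snaplen(), and the code that fills `p->snapshot` from a capture file's header is not in the diff, so it is unclear whether file-supplied values get the same treatment. I would validate the snapshot length where the file header is read, rejecting or capping anything `<= 0` or above MAXIMUM_SNAPLEN, and add a comment at this cast naming that check. The same cast on the equality tests later in this function and in pcap_dump_open_append() in sf-pcap.c only affects the comparison and needs no change.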
@@ -876,13 +876,13 @@ pcap_dump_open_append(pcap_t *p, const char *fname) fclose(f); return (NULL); } - if (linktype != ph.linktype) { + if ((bpf_u_int32)linktype != ph.linktype) { pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: different linktype, cannot append to file", fname); fclose(f); return (NULL); } - if (p->snapshot != ph.snaplen) { + if ((bpf_u_int32)p->snapshot != ph.snaplen) { pcap_snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: different snaplen, cannot append to file", fname); fclose(f); |