From: Victor Julien Date: Tue, 23 Oct 2018 12:51:25 +0000 (+0200) Subject: pcap: fix buffer size validation logic X-Git-Tag: suricata-4.0.6~21 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6a73e17fc4f37614ab1d099bb51a505911bf3076;p=thirdparty%2Fsuricata.git pcap: fix buffer size validation logic --- diff --git a/src/runmode-pcap.c b/src/runmode-pcap.c index 684218acba..31e0f63af1 100644 --- a/src/runmode-pcap.c +++ b/src/runmode-pcap.c @@ -99,8 +99,14 @@ static void *ParsePcapConfig(const char *iface) aconf->buffer_size = 0; /* If set command line option has precedence over config */ if ((ConfGetInt("pcap.buffer-size", &value)) == 1) { - SCLogInfo("Pcap will use %d buffer size", (int)value); - aconf->buffer_size = value; + if (value >= 0 && value <= INT_MAX) { + SCLogInfo("Pcap will use %d buffer size", (int)value); + aconf->buffer_size = value; + } else { + SCLogWarning(SC_ERR_INVALID_ARGUMENT, "pcap.buffer-size " + "value of %"PRIiMAX" is invalid. Valid range is " + "0-2147483647", value); + } } aconf->checksum_mode = CHECKSUM_VALIDATION_AUTO; diff --git a/src/source-pcap.c b/src/source-pcap.c index 84e9456735..05186add1b 100644 --- a/src/source-pcap.c +++ b/src/source-pcap.c @@ -420,9 +420,8 @@ TmEcode ReceivePcapThreadInit(ThreadVars *tv, const void *initdata, void **data) } #ifdef HAVE_PCAP_SET_BUFF ptv->pcap_buffer_size = pcapconfig->buffer_size; - if (ptv->pcap_buffer_size >= 0 && ptv->pcap_buffer_size <= INT_MAX) { - if (ptv->pcap_buffer_size > 0) - SCLogInfo("Going to use pcap buffer size of %" PRId32 "", ptv->pcap_buffer_size); + if (ptv->pcap_buffer_size > 0) { + SCLogInfo("Going to use pcap buffer size of %" PRId32 "", ptv->pcap_buffer_size); int pcap_set_buffer_size_r = pcap_set_buffer_size(ptv->pcap_handle,ptv->pcap_buffer_size); //printf("ReceivePcapThreadInit: pcap_set_timeout(%p) returned %" PRId32 "\n", ptv->pcap_handle, pcap_set_buffer_size_r);