tcpdump mailing list archives

setfilter causes core on Solaris


From: Andy Howell <AndyHowell () raitechnology com>
Date: Wed, 05 Dec 2007 07:18:10 -0600

I'm using pcap_dispatch to call my callback. Inside the callback, I may set a new filter. This results in a core dump in bpf_filter.c, line 239. It's calling abort because of a bad filter code. This will only happen with a live capture.

The bug is actually in pcap-dlpi.c. It keeps a pointer to the filter code. Unfortunately the pointer never gets reset as long as there are packets to read. Adding:

fcode = p->fcode.bf_insns;

after the callback returns takes care of the issue. I've attached a patch and posted it as 1844245.

Regards,

        Andy

*** pcap-dlpi.c.orig    Sun Dec  2 01:23:37 2007
--- pcap-dlpi.c Sun Dec  2 01:25:39 2007
***************
*** 359,364 ****
--- 359,365 ----
                        if (pkthdr.caplen > p->snapshot)
                                pkthdr.caplen = p->snapshot;
                        (*callback)(user, &pkthdr, pk);
+                       fcode = p->fcode.bf_insns;
                        if (++n >= cnt && cnt >= 0) {
                                p->cc = ep - bp;
                                p->bp = bp;
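Review bot: the added `fcode = p->fcode.bf_insns;` line looks like a redundant reload to anyone reading the loop later, so it should carry a one-line comment stating why it is there (the callback may have called pcap_setfilter and replaced p->fcode, so the cached local pointer must be refreshed before the next packet is filtered). Also worth checking that the reload is unconditional in the right way: it runs after every callback, which is cheap and correct, but confirm the loop's filter call already handles a NULL program the same way it did for the initial value of fcode, since pcap_setfilter can install an empty filter.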
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.