tcpdump mailing list archives
Re: [tcpdump] Sanity check on major/minor libpcap version
From: Michael Richardson <mcr () sandelman ca>
Date: Thu, 08 Oct 2015 14:33:50 -0400
<fx.lebail () yahoo com> wrote: > Using pcap_major_version() and pcap_minor_version()) in tcpdump when > reading a file, I found: > Most pcap file have major.minor: 2.4 (current PCAP_VERSION_MAJOR and > PCAP_VERSION_MINOR), > a few have: 1.0 (ahcp.pcap, hdlc_slarp.pcap, msnlb2.pcap, > of10_7050q.pcap and ospf3_auth.pcap), one have: 12336.12336 > (cve2015-0261-crash.pcap), doubtless via fuzzing. > To avoid case like the last, I'm thinking of adding a sanity check on > major/minor. > Hence my question: > What are the pairs major / minor to authorize currently? I think that as long as major <= PCAP_VERSION_MAJOR, we are good. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] mcr () sandelman ca http://www.sandelman.ca/ | ruby on rails [ _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- Re: [tcpdump] Sanity check on major/minor libpcap version Michael Richardson (Oct 08)
- Re: [tcpdump] Sanity check on major/minor libpcap version Guy Harris (Oct 08)
- Re: [tcpdump] Sanity check on major/minor libpcap version Michael Richardson (Oct 08)
- Re: [tcpdump] Sanity check on major/minor libpcap version Francois-Xavier Le Bail (Oct 08)
- Re: [tcpdump] Sanity check on major/minor libpcap version Michael Richardson (Oct 08)
- Re: [tcpdump] Sanity check on major/minor libpcap version Guy Harris (Oct 08)