tcpdump mailing list archives

Re: [tcpdump] Sanity check on major/minor libpcap version


From: Michael Richardson <mcr () sandelman ca>
Date: Thu, 08 Oct 2015 14:33:50 -0400


<fx.lebail () yahoo com> wrote:
    > Using pcap_major_version() and pcap_minor_version() in tcpdump when
    > reading a file, I found:

    > Most pcap files have major.minor: 2.4 (current PCAP_VERSION_MAJOR and
    > PCAP_VERSION_MINOR),

    > a few have: 1.0 (ahcp.pcap, hdlc_slarp.pcap, msnlb2.pcap,
    > of10_7050q.pcap and ospf3_auth.pcap), one has: 12336.12336
    > (cve2015-0261-crash.pcap), doubtless via fuzzing.

    > To avoid cases like the last, I'm thinking of adding a sanity check on
    > major/minor.

    > Hence my question:

    > What are the pairs major / minor to authorize currently?

I think that as long as major <= PCAP_VERSION_MAJOR, we are good.

-- 
]               Never tell me the odds!                 | ipv6 mesh networks [ 
]   Michael Richardson, Sandelman Software Works        | network architect  [ 
]     mcr () sandelman ca  http://www.sandelman.ca/        |   ruby on rails    [ 
        
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
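
The check discussed in this message, as an added example that is not tcpdump or libpcap code: it reads the magic, major and minor fields from the start of a pcap file header in either byte order and applies the rule suggested in the reply. The names `check_pcap_version` and `ver_status` are hypothetical and the sample headers are constructed; note that 12336 is 0x3030, two ASCII '0' bytes, which fits a fuzzed header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCAP_VERSION_MAJOR 2  /* value quoted in the thread (2.4) */
enum ver_status { VER_OK, VER_TRUNCATED, VER_BAD_MAGIC, VER_TOO_NEW };

/* Read a 16-bit field in the byte order the file was written in. */
static uint16_t rd16(const uint8_t *p, int big_endian)
{
    return big_endian ? (uint16_t)(p[0] << 8 | p[1])
                      : (uint16_t)(p[1] << 8 | p[0]);
}

/* Rule suggested in the reply: accept only major <= PCAP_VERSION_MAJOR. */
enum ver_status check_pcap_version(const uint8_t *hdr, size_t len,
                                   uint16_t *vmajor, uint16_t *vminor)
{
    uint32_t magic;
    int big_endian;
    if (len < 8)  /* magic (4 bytes) + major (2) + minor (2) */
        return VER_TRUNCATED;
    magic = (uint32_t)hdr[0] << 24 | (uint32_t)hdr[1] << 16 |
            (uint32_t)hdr[2] << 8 | hdr[3];
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)       /* big-endian file */
        big_endian = 1;
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u)  /* little-endian file */
        big_endian = 0;
    else
        return VER_BAD_MAGIC;
    *vmajor = rd16(hdr + 4, big_endian);
    *vminor = rd16(hdr + 6, big_endian);
    return *vmajor <= PCAP_VERSION_MAJOR ? VER_OK : VER_TOO_NEW;
}

/* Constructed 8-byte header prefixes, not bytes from the real capture files. */
static const uint8_t hdr_2_4[]  = {0xd4,0xc3,0xb2,0xa1, 0x02,0x00, 0x04,0x00};
static const uint8_t hdr_1_0[]  = {0xa1,0xb2,0xc3,0xd4, 0x00,0x01, 0x00,0x00};
static const uint8_t hdr_fuzz[] = {0xd4,0xc3,0xb2,0xa1, 0x30,0x30, 0x30,0x30};

int main(void)
{
    const uint8_t *samples[] = { hdr_2_4, hdr_1_0, hdr_fuzz };
    for (size_t i = 0; i < 3; i++) {
        uint16_t maj = 0, min = 0;
        int ok = check_pcap_version(samples[i], 8, &maj, &min) == VER_OK;
        printf("%u.%u -> %s\n", (unsigned)maj, (unsigned)min, ok ? "accept" : "reject");
    }
    return 0;
}
```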

