Re: [PATCH ulogd2 v2] pcap: prevent crashes when output `FILE *` is null

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2023-03-15, at 22:44:47 +0100, Florian Westphal wrote:
> Jeremy Sowden <jeremy@xxxxxxxxxx> wrote:
> > If ulogd2 receives a signal it will attempt to re-open the pcap output
> > file.  If this fails (because the permissions or ownership have changed
> > for example), the FILE pointer will be null and when the next packet
> > comes in, the null pointer will be passed to fwrite and ulogd will
> > crash.
> > 
> > Instead, check that the pointer is not null before using it.  If it is
> > null, then periodically attempt to open it again.  We only return an
> > error from interp_pcap on those occasions when we try and fail to open
> > the output file, in order to avoid spamming the ulogd log-file every
> > time a packet isn't written.
> 
> I think its better to fix this at the source, i.e. in
> signal_handler_task().  It should probably *first* try to open the file,
> and only close the old one if that worked.
> 
> Does that make sense to you?

Yeah, that would be simpler.  v3 to follow.

J.

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux