rpcap: verify control socket status during reception

GabrielGanne · GabrielGanne · commit 5b963e9c8f53 · 2022-02-14T14:57:48.000+01:00
Signed-off-by: Kevin Boulain &lt;kevin.boulain@securactive.net&gt;
Signed-off-by: Gabriel Ganne &lt;gganne@accedian.com&gt;
diff --git a/pcap-rpcap.c b/pcap-rpcap.c
@@ -416,7 +416,12 @@ static int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr *pkt_header, u_ch
 		/*
 		 * 'fp->rmt_sockdata' has always to be set before calling the select(),
 		 * since it is cleared by the select()
+		 *
+		 * While not strictly necessary, it's best to include the control socket.
+		 * It allows us to check for a connection drop as the data socket may use UDP
+		 * and as such, is without any mean to report back any error to the client.
 		 */
+		FD_SET(pr->rmt_sockctrl, &rfds);
 		FD_SET(pr->rmt_sockdata, &rfds);
 
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
@@ -439,8 +444,22 @@ static int pcap_read_nocb_remote(pcap_t *p, struct pcap_pkthdr *pkt_header, u_ch
 		}
 	}
 
+	/*
+	 * In the rpcap protocol, once the capture starts, the control socket isn't
+	 * used anymore until the capture ends.
+	 * However, it's the only way to check for connection errors
+	 * as the data socket may uses UDP.
+	 */
+	if (FD_ISSET(pr->rmt_sockctrl, &rfds)) {
+		uint8 byte;
+		const int nread = sock_recv(pr->rmt_sockctrl, pr->ctrl_ssl, &byte, sizeof(byte),
+		    SOCK_MSG_PEEK | SOCK_EOF_IS_ERROR, p->errbuf, PCAP_ERRBUF_SIZE);
+		if (nread == -1)
+			return -1;
+	}
+
 	/* There is no data waiting, so return '0' */
-	if (retval == 0)
+	if (!FD_ISSET(pr->rmt_sockdata, &rfds))
 		return 0;
 
 	/*
