Kismet Wireless

Kismet Forums

 

Posted by: Faab5
Subject: Possible bug in RingBuffer
Date: 10:07:48 02/10/2013

I don't know if this is the right place to do a bug report, but I couldn't directly find the proper place so I'll just be bold.

I'm running kismet (2013 R1) server on Ubuntu in conjunction with a set of TPlink APs running kismet drone on OpenWrt. I have an issue where drones get disconnected with an error message "Kismet drone client failed to find the sentinel value in a packet header. This error is fatal because drone reconecting is not enabled".
This error is not the point here though (although any help/suggestions/comments are welcome!). In my search to find out what was happening I was going through the source of the RingBuffer class (ringbuf.cc).
In the method int RingBuffer::InsertData(uint8_t *in_data, int in_len), no data is written if the write operation would wrap to the beginning of the buffer (first if clause) and if, continuing from the beginning, the write operation would then surpass the read-pointer (second nested if clause). That is, no data is written if it would overwrite unread data.
However, it appears to me that this does not take into account the case when the read-pointer is after the write-pointer in the first place (i.e. when the data is already wrapped in the buffer). In this case a big enough write operation could again wrap the buffer AND overwrite unread data. Or am I missing something?

cheerio
faab


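The case raised in the post above, as an added example that is not part of the original post and is not Kismet's ringbuf.cc: a simplified, hypothetical ring buffer comparing a wrap-only check, modelled on the post's description, with a free-space check that does not depend on pointer order. All names here (Ring, insert_wrap_check_only, insert_checked, refused_and_intact) and the 16-byte scenario are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical minimal ring buffer, NOT Kismet's RingBuffer class.
// One slot is always left empty so rd == wr unambiguously means "empty".
struct Ring {
    std::vector<uint8_t> buf;
    size_t rd = 0, wr = 0;
    explicit Ring(size_t n) : buf(n, 0) {}

    size_t used() const { return (wr + buf.size() - rd) % buf.size(); }
    size_t free_space() const { return buf.size() - 1 - used(); }
    void consume(size_t n) { rd = (rd + n) % buf.size(); }

    void copy_in(const uint8_t *d, size_t len) {
        for (size_t i = 0; i < len; i++) buf[(wr + i) % buf.size()] = d[i];
        wr = (wr + len) % buf.size();
    }

    // Model of the check as the post describes it: refuse only when the
    // write runs past the end of the buffer and then passes the read pointer.
    bool insert_wrap_check_only(const uint8_t *d, size_t len) {
        if (wr + len > buf.size() && wr + len - buf.size() > rd) return false;
        copy_in(d, len);
        return true;
    }

    // Pointer-order-independent check: compare the length with free space.
    bool insert_checked(const uint8_t *d, size_t len) {
        if (len > free_space()) return false;
        copy_in(d, len);
        return true;
    }
};

// Constructed scenario: a 16-byte buffer is driven to rd=12, wr=4 (data
// already wrapped, 8 unread bytes, 7 free), then a write of `len` bytes is
// attempted. Returns true only if the write was refused and the unread
// byte at index 12 is still intact.
bool refused_and_intact(bool use_checked, size_t len) {
    Ring r(16);
    std::vector<uint8_t> a(12, 0xAA), b(8, 0xBB), c(len, 0xFF);
    r.insert_checked(a.data(), a.size());   // wr = 12
    r.consume(12);                          // rd = 12, buffer empty
    r.insert_checked(b.data(), b.size());   // fills 12..15 and 0..3, wr = 4
    bool ok = use_checked ? r.insert_checked(c.data(), c.size())
                          : r.insert_wrap_check_only(c.data(), c.size());
    return !ok && r.buf[12] == 0xBB;
}
```

A length of 10 exercises a write that reaches the read pointer without wrapping, and 14 one that wraps again, which is the situation the post asks about.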