Resource leak caused by the mismatch of pcap_create and pcap_close

Hi,
 I have found that if call `pcap_close()` intermediatly after the `pcap_create()` could cause a eventfd leak.

The example code is:
```
    if (pcap_findalldevs(&devs, errbuf) == -1) {
     ...
    }
    // Open first device for capturing
    handle = pcap_create(devs->name, errbuf);
    //pcap_activate(handle);
    pcap_close(handle);   
```

My environment :
OS: CentOS 5.4
Run with non-privileged user account

Rerpoduce:
In 
[poc.zip](https://github.com/the-tcpdump-group/libpcap/files/13456803/poc.zip).

<img width="691" alt="fd_leak" src="https://github.com/the-tcpdump-group/libpcap/assets/142886726/6d548f37-b863-491a-9845-91203cd429db">


I have noticed that [pcap_create](https://www.tcpdump.org/manpages/pcap_create.3pcap.html) has announced:
>The returned handle must be activated with [pcap_activate](https://www.tcpdump.org/manpages/pcap_activate.3pcap.html)(3PCAP) before packets can be captured with it;

Actually, the leak was disappeared if i called `pcap_activate(handle);` after the `pcap_create()`.
But, for general use, the `pcap_create` and `pcap_close` should be match, regardless whether we use or not use the returned handler.




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Resource leak caused by the mismatch of pcap_create and pcap_close #1233

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Resource leak caused by the mismatch of pcap_create and pcap_close #1233

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions