Re: [Ethereal-dev] Malformed packet

Ethereal-dev: March 2003


On Wed, Mar 26, 2003 at 11:26:44AM -0800, Guy Harris wrote:
> So you're adding the length of the option to the offset - but you're
> also subtracting from the payload length the length of the option, so
> the loop shouldn't be checking whether "header_len-offset" is 0.  You
> should either
> 
> 	1) subtract from the header length the length of the option, and
> 	   check whether the header length is 0
> 
> or
> 
> 	2) leave the header length alone and check whether the offset
> 	   *relative to the beginning of the option data* is greater
> 	   than or equal to the header length.
> 
> I'd go with the first of those choices.

...but, when doing so, make sure that the length of the option isn't
greater than the length remaining in the header, so that the subtraction
doesn't underflow *and* so that you detect a bogus packet.
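
The loop discussed in this message, as an added example that is not part of the original post or of Ethereal's code. It uses the first choice (shrinking the remaining header length) together with the bounds check on the option length. The option layout (1-byte type, 1-byte length counting the whole option) and the names `count_options` and `OPT_PREFIX_LEN` are assumptions; the check for a length too small to advance goes beyond what the thread covers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical option layout (an assumption, not taken from the thread):
 * 1 byte type, 1 byte length, then data; the length byte counts the
 * whole option, including the two-byte type/length prefix. */
#define OPT_PREFIX_LEN 2

/* Returns the number of well-formed options, or -1 for a malformed packet. */
int count_options(const uint8_t *opts, size_t header_len)
{
    size_t offset = 0;
    int count = 0;

    /* Choice 1: header_len is the length still unconsumed; the loop
     * ends when it reaches 0, not when header_len - offset does. */
    while (header_len > 0) {
        if (header_len < OPT_PREFIX_LEN)
            return -1;          /* no room left for type + length */
        size_t opt_len = opts[offset + 1];
        if (opt_len < OPT_PREFIX_LEN)
            return -1;          /* loop would never advance */
        /* Bogus packet: option claims more than remains in the header.
         * Rejecting it here also keeps the unsigned subtraction from wrapping. */
        if (opt_len > header_len)
            return -1;
        offset += opt_len;
        header_len -= opt_len;
        count++;
    }
    return count;
}

/* Constructed sample inputs. */
static const uint8_t good_opts[]     = { 0x01, 0x04, 0xAA, 0xBB, 0x02, 0x02 };
static const uint8_t overlong_opts[] = { 0x01, 0x04, 0xAA, 0xBB, 0x02, 0x09 };
static const uint8_t zero_len_opts[] = { 0x01, 0x00, 0xAA, 0xBB };

int main(void)
{
    printf("good: %d\n", count_options(good_opts, sizeof good_opts));
    printf("overlong: %d\n", count_options(overlong_opts, sizeof overlong_opts));
    printf("zero length: %d\n", count_options(zero_len_opts, sizeof zero_len_opts));
    return 0;
}
```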


