Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 4300] DTN: Bundle Protocol Control flag length check is incorrect

Wireshark-bugs: [Wireshark-bugs] [Bug 4300] DTN: Bundle Protocol Control flag length check is in

Date: Wed, 22 Dec 2010 03:51:32 -0800 (PST)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4300

--- Comment #7 from Jaap Keuter <jaap.keuter@xxxxxxxxx> 2010-12-22 12:51:28 CET ---
(In reply to comment #6)
> sdnv_length is a variable field so it is fine to check if sdnv_length < 1, but 
> "sdnv_length < 1 || sdnv_length > 4" is not correct because there is a
> possibility that the length will be greater than 4.

Currently (r35242) the check is for '< 1' (which signals an error condition in
the SDNV decoder), and '> sizeof(gint64)' (in evaluate_sdnv_64()). As far as I
can tell this is at least enough to hold the bundle processing control flags. 

In theory the SDNV could be longer than that (imagine near infinite leading
zeros), but we have to cross over into fixed size types somewhere, so a size
limit has to be imposed.

As far as I'm concerned this bug can be closed as 'FIXED'.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Prev by Date: [Wireshark-bugs] [Bug 5514] GIT : malformed packet
Next by Date: [Wireshark-bugs] [Bug 5514] GIT : malformed packet
Previous by thread: [Wireshark-bugs] [Bug 4300] DTN: Bundle Protocol Control flag length check is incorrect
Next by thread: [Wireshark-bugs] [Bug 4300] DTN: Bundle Protocol Control flag length check is incorrect
Index(es):
- Date
- Thread