Wireshark-bugs: [Wireshark-bugs] [Bug 4300] DTN: Bundle Protocol Control flag length check is in
Date: Wed, 22 Dec 2010 03:51:32 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4300

--- Comment #7 from Jaap Keuter <[email protected]> 2010-12-22 12:51:28 CET ---
(In reply to comment #6)
> sdnv_length is a variable field so it is fine to check if sdnv_length < 1, but 
> "sdnv_length < 1 || sdnv_length > 4" is not correct because there is a
> possibility that the length will be greater than 4.

Currently (r35242) the check is for '< 1' (which signals an error condition in
the SDNV decoder), and '> sizeof(gint64)' (in evaluate_sdnv_64()). As far as I
can tell this is at least enough to hold the bundle processing control flags. 

In theory the SDNV could be longer than that (imagine near infinite leading
zeros), but we have to cross over into fixed size types somewhere, so a size
limit has to be imposed.

As far as I'm concerned this bug can be closed as 'FIXED'.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.