Wireshark-bugs: [Wireshark-bugs] [Bug 5521] Buildbot crash output: randpkt-2010-12-25-25231.pcap
Date: Mon, 27 Dec 2010 13:45:36 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5521

Chris Maynard <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #5670|                            |review_for_checkin?
               Flag|                            |

--- Comment #5 from Chris Maynard <[email protected]> 2010-12-27 13:45:34 PST ---
Created an attachment (id=5670)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5670)
Some minimal sanity checking of reception claim count.

According to http://tools.ietf.org/html/rfc5326#section-3.2.2, "Each reception
claim comprises two elements: offset and length."  Both of these are themselves
SDNV's.  Being very conservative, I assume that the minimum number of bytes
consumed by each is 1.  The patch therefore extends the rcpt_clm_cnt sanity
checking to not only check against negative values, but also to check that
rcpt_clm_cnt does not exceed the number of bytes remaining in the tvb divided
by the minimum number of bytes per claim (2). 

I know nothing of this protocol, so maybe someone could confirm if this extra
checking is acceptable or not before commit?

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.