https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5521
Chris Maynard <christopher.maynard@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #5670| |review_for_checkin?
Flag| |
--- Comment #5 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2010-12-27 13:45:34 PST ---
Created an attachment (id=5670)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5670)
Some minimal sanity checking of reception claim count.
According to http://tools.ietf.org/html/rfc5326#section-3.2.2, "Each reception
claim comprises two elements: offset and length." Both of these are themselves
SDNV's. Being very conservative, I assume that the minimum number of bytes
consumed by each is 1. The patch therefore extends the rcpt_clm_cnt sanity
checking to not only check against negative values, but also to check that
rcpt_clm_cnt does not exceed the number of bytes remaining in the tvb divided
by the minimum number of bytes per claim (2).
I know nothing of this protocol, so maybe someone could confirm if this extra
checking is acceptable or not before commit?
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.