Comment # 9
on bug 8592
from Evan Huus
Hi Brian, thanks for the updated patch, it looks much better. Still just a
couple of issues:
packet-dhcpv6.c:681: warning: unused parameter 'replacement'
packet-dhcpv6.c: In function 'dissect_packetcable_cccV6_option':
packet-dhcpv6.c:945: warning: unused variable 'pi_tmp'
In the inner-most loop of swap_field_length_with_char, is there a reason not to
extract the entire next_length characters at once instead of one character at a
time? The code as is looks perfectly correct, it just seemed a bit odd.
The device_type buffer is never modified - it is simply read from the packet
and then referenced, so it is perfectly fine to just use a char* and directly
assign the result of tvb_get_ephemeral_string (sorry if I was unclear). The
strbufs are only useful when you're modifying the strings, so you don't have to
manually track offsets.
In case CL_OPTION_TLV5 the loop variable tlv5_counter can overflow on a crafted
packet, leading to an infinite loop bug. Please either check for overflow or
make it a sufficiently large type that it won't overflow before the loop
terminates.
Thanks,
Evan
You are receiving this mail because:
- You are watching all bug changes.