tcpdump mailing list archives

Re: CVS radius code seems flawed

From: Jonathan Heusser <jonny () drugphish ch>
Date: Fri, 23 Jan 2004 12:26:15 +0100

Guy Harris wrote:

-    while (length >= 2) {
+    while (length >= 2 && *data) {


"Termination" in what sense?  RFC 2865 says

  String

     The String field is one or more octets.  The actual format of the
     information is site or application specific, and a robust
     implementation SHOULD support the field as undistinguished octets.
     [...]

Is there something that indicates that a vendor type value of 0
terminates the sequence?

Ok, I might be wrong with my 0 termination approach. Anyway
there should be some kind of boundary check for 'data'.

--
Key fingerprint = 2A55 EB7C B7EA 6336 7767  4A47 910A 307B 1333 BD6C

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

CVS radius code seems flawed Jonathan Heusser (Jan 22)
- Re: CVS radius code seems flawed Guy Harris (Jan 23)
  - Re: CVS radius code seems flawed Jonathan Heusser (Jan 23)
    - Message not available
    - Message not available
    - Re: CVS radius code seems flawed Hannes Gredler (Jan 25)
    - Re: CVS radius code seems flawed Jonathan Heusser (Jan 25)