tcpdump mailing list archives
Re: CVS radius code seems flawed
From: Jonathan Heusser <jonny () drugphish ch>
Date: Fri, 23 Jan 2004 12:26:15 +0100
Guy Harris wrote:
- while (length >= 2) { + while (length >= 2 && *data) {"Termination" in what sense? RFC 2865 says String The String field is one or more octets. The actual format of the information is site or application specific, and a robust implementation SHOULD support the field as undistinguished octets. [...] Is there something that indicates that a vendor type value of 0 terminates the sequence?
Ok, I might be wrong with my 0 termination approach. Anyway there should be some kind of boundary check for 'data'. -- Key fingerprint = 2A55 EB7C B7EA 6336 7767 4A47 910A 307B 1333 BD6C - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- CVS radius code seems flawed Jonathan Heusser (Jan 22)
- Re: CVS radius code seems flawed Guy Harris (Jan 23)
- Re: CVS radius code seems flawed Jonathan Heusser (Jan 23)
- Message not available
- Message not available
- Re: CVS radius code seems flawed Hannes Gredler (Jan 25)
- Re: CVS radius code seems flawed Jonathan Heusser (Jan 25)
- Re: CVS radius code seems flawed Jonathan Heusser (Jan 23)
- Re: CVS radius code seems flawed Guy Harris (Jan 23)