Ethereal-dev: Re: [Ethereal-dev] Malformed packet

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Wed, 26 Mar 2003 12:19:38 -0800

On Wed, Mar 26, 2003 at 11:26:44AM -0800, Guy Harris wrote:
> So you're adding the length of the option to the offset - but you're
> also subtracting from the payload length the length of the option, so
> the loop shouldn't be checking whether "header_len-offset" is 0.  You
> should either
> 
> 	1) subtract from the header length the length of the option, and
> 	   check whether the header length is 0
> 
> or
> 
> 	2) leave the header length alone and check whether the offset
> 	   *relative to the beginning of the option data* is greater
> 	   than or equal to the header length.
> 
> I'd go with the first of those choices.

...but, when doing so, make sure that the length of the option isn't
greater than the length remaining in the header, so that the subtraction
doesn't underflow *and* so that you detect a bogus packet.
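
The loop recommended above (choice 1, with the length check done before the subtraction), as an added example that is not part of the original message or of Ethereal's source. The option layout (1-byte type, 1-byte length counting the whole option), the plain byte buffer, and the names `walk_options` and `OPT_HDR_LEN` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed (hypothetical) option layout: 1-byte type, 1-byte length,
 * where length counts the whole option including these two bytes. */
#define OPT_HDR_LEN 2

/* Constructed sample headers, not captured traffic. */
static const uint8_t good[]     = { 0x01, 0x04, 0xaa, 0xbb, 0x02, 0x02 };
static const uint8_t overlong[] = { 0x01, 0x04, 0xaa, 0xbb, 0x02, 0x09 };
static const uint8_t zero_len[] = { 0x01, 0x00 };

/* Walks the options in hdr[0..header_len). Returns the number of
 * well-formed options, or -1 if the packet is malformed. */
int walk_options(const uint8_t *hdr, size_t header_len)
{
    size_t offset = 0;
    size_t remaining = header_len;  /* choice 1: shrink this, test for 0 */
    int count = 0;

    while (remaining > 0) {
        if (remaining < OPT_HDR_LEN)
            return -1;              /* truncated option header */
        size_t opt_len = hdr[offset + 1];
        /* Check before subtracting: a length shorter than its own header
         * would never advance, and one longer than what is left would
         * make the unsigned subtraction wrap around. */
        if (opt_len < OPT_HDR_LEN || opt_len > remaining)
            return -1;              /* bogus packet */
        offset += opt_len;
        remaining -= opt_len;
        count++;
    }
    return count;
}

int main(void)
{
    printf("good:     %d\n", walk_options(good, sizeof good));
    printf("overlong: %d\n", walk_options(overlong, sizeof overlong));
    printf("zero_len: %d\n", walk_options(zero_len, sizeof zero_len));
    return 0;
}
```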