Wireshark-bugs: [Wireshark-bugs] [Bug 3378] New Dissector: Host Identity Protocol
Date: Wed, 17 Mar 2010 14:24:08 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3378

Bill Meier <wmeier@xxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #4390|review_for_checkin+         |review_for_checkin-
               Flag|                            |

--- Comment #22 from Bill Meier <wmeier@xxxxxxxxxxx> 2010-03-17 14:24:06 PDT ---
(From update of attachment 4390)
Altho I committed the patch I've now reverted it.
There is a compile error (on one of the *nix compilers) to the effect that
"ti_loc" is used when possibly unitialized in the case PARAM_LOCATOR: code in
dissect_hip_tlv.

Looking at the code a bit I see that even if ti_loc is initialized to NULL
under the 'while (tlv_len > 0)', it appears to me that the code will loop if
there's an unexpected/invalid value in the locator_type field.

Did you fuzz-test this patch with a capture which contains a LOCATOR type TLV ?

I suggest looping thru the (sub)tlv's in the LOCATOR parameter advancing by (8
+ the length given in the sub-tlv) so even if there's an unexpected/garbage
locator type/length, you'll always at least advance the pointers so that
eventually there'll be an exception if something is garbage.

--------

On a separate note:

case PARAM_HOST_ID: has
  if (type != PARAM_ENCRYPTED)

This seems not useful since (presumably) we can only get to this case if
type==PARAM_HOST_ID.                  
Please review and submit an updated patch.

Thanks

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.