Sorry Miroslav again for missing your msg again in Junk box! How about the combination with the length-check mentioned in my last msg?
-----Original Message----- From: Miroslav Lichvar <mlich...@redhat.com> Sent: Friday, February 1, 2019 9:19 AM To: Vincent Li X <vincent.x...@ericsson.com> Cc: Jiri Benc <jb...@redhat.com>; Richard Cochran <richardcoch...@gmail.com>; Mats Bergman H <mats.h.berg...@ericsson.com>; Richard Jönsson <richard.jons...@ericsson.com>; Linuxptp-devel@lists.sourceforge.net Subject: Re: [Linuxptp-devel] ptp4l wrongly takes padding bytes as TLV? On Thu, Jan 31, 2019 at 04:28:30PM +0000, Vincent Li X wrote: > But we still think it's more safe to use header.messageLength instead > of socket count, Msg.c > err = suffix_post_recv(m, cnt - pdulen); ==> > err = suffix_post_recv(m, m->header.messageLength - pdulen); I'm not sure that is more safe. If the field had a large value, it might enable reading of uninitialized data, possibly even past the buffer. A better way is to check the length in each transport specific code and either remove the padding or drop the packet if the transport doesn't allow padding. -- Miroslav Lichvar
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Linuxptp-devel mailing list Linuxptp-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linuxptp-devel
