Sorry Miroslav again for missing your msg again in Junk box! How about the combination with the length-check mentioned in my last msg?
-----Original Message----- From: Miroslav Lichvar <[email protected]> Sent: Friday, February 1, 2019 9:19 AM To: Vincent Li X <[email protected]> Cc: Jiri Benc <[email protected]>; Richard Cochran <[email protected]>; Mats Bergman H <[email protected]>; Richard Jönsson <[email protected]>; [email protected] Subject: Re: [Linuxptp-devel] ptp4l wrongly takes padding bytes as TLV? On Thu, Jan 31, 2019 at 04:28:30PM +0000, Vincent Li X wrote: > But we still think it's more safe to use header.messageLength instead > of socket count, Msg.c > err = suffix_post_recv(m, cnt - pdulen); ==> > err = suffix_post_recv(m, m->header.messageLength - pdulen); I'm not sure that is more safe. If the field had a large value, it might enable reading of uninitialized data, possibly even past the buffer. A better way is to check the length in each transport specific code and either remove the padding or drop the packet if the transport doesn't allow padding. -- Miroslav Lichvar
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Linuxptp-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/linuxptp-devel
