On Wed, 19 Apr 2017, Job Snijders wrote:
> The realisation that a shutdown communication may contain \0 (since NUL is a
> valid UTF-8 char)
\0 isn't a valid UTF-8 character. UTF-8 sets the MSB on code points > 127:
https://en.wikipedia.org/wiki/UTF-8#Description
> The realisation that a shutdown communication may contain \0 (since NUL is a
> valid UTF-8 char), led me to alter the proposed changes. A debugging tool like
> tcpdump should display trash too. This 0003 patch avoids the memset/memcpy and
> can deal with trash in the shutdown communication
On Mon, Apr 17, 2017 at 01:56:17PM -0600, Theo de Raadt wrote:
> + memset(string, 0, 129);
> + memcpy(string, p+1, shutdown_comm_length);
> + safeputs(string);
>
> Please don't copy numbers like that. If
+ memset(string, 0, 129);
+ memcpy(string, p+1, shutdown_comm_length);
+ safeputs(string);
Please don't copy numbers like that. If this is a string, why not
use string functions that gaurantee truncation
Hi all,
Daan Keuper (Computest) was kind enough to review the diff, he pointed
out the following:
safeputs() expects a null-terminated string. Since shutdown_comm_length
won't exceed BGP_NOTIFY_MINOR_CEASE_ADMIN_SHUTDOWN_LEN (128), the
following will ensure a null-terminated string is passed to
Hi OpenBSD,
bgpd(8) as shipped in OpenBSD 6.1 supports draft-ietf-idr-shutdown-07.
The below patch adds support to tcpdump(8) to decode such shutdown
communication.
This is an improved version of the patch proposal I sent in January.
Kind regards,
Job
diff --git
