On Thu, Jan 22, 2004 at 11:21:33PM +0100, Jonathan Heusser wrote:
> Function print_vendor_attr():
>
> * At print-radius.c:509, the while() loop does not check the data
> pointer for termination.
...
> tok2str(oui_values,"Unknown",vendor_id),
> vendor_id);
>
> - while (length >= 2) {
> + while (length >= 2 && *data) {
> vendor_type = *(data);
> vendor_length = *(data+1);
> data+=2;
"Termination" in what sense? RFC 2865 says
String
The String field is one or more octets. The actual format of the
information is site or application specific, and a robust
implementation SHOULD support the field as undistinguished octets.
The codification of the range of allowed usage of this field is
outside the scope of this specification.
It SHOULD be encoded as a sequence of vendor type / vendor length
/ value fields, as follows. The Attribute-Specific field is
dependent on the vendor's definition of that attribute. An
example encoding of the Vendor-Specific attribute using this
method follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Vendor-Id
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Vendor-Id (cont) | Vendor type | Vendor length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Attribute-Specific...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Multiple subattributes MAY be encoded within a single Vendor-
Specific attribute, although they do not have to be.
Is there something that indicates that a vendor type value of 0
terminates the sequence?
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]
