author: Gerrit Renker <gerrit@erg.abdn.ac.uk> 2008-08-23 13:28:27 +0200
committer: Gerrit Renker <gerrit@erg.abdn.ac.uk> 2008-08-27 07:21:59 +0200
commit: 1efa6bbac876318ebf6f3a757f18e7d9ebe02dd0
tree: cabb87a852669d7505750efa26072daf26b2b217
parent: 33c449675c0e371edd35b3bd7ce8a14451ff2f0b

dccp: Silently ignore options with nonsensical lengths

This updates the option-parsing code with regard to RFC 4340, 5.8:

  "[..] options with nonsensical lengths (length byte less than two or more than the remaining space in the options portion of the header) MUST be ignored, and any option space following an option with nonsensical length MUST likewise be ignored."

Hence in the following cases erratic options will be ignored:

 1. The type byte of a multi-byte option is the last byte of the header options (i.e. effective option length of 1).
 2. The value of the length byte is less than the minimum 2. This has been changed from previously 3: although no multi-byte option with a length less than 3 yet exists (cf. table 3 in 5.8), a length of 2 is valid. (The switch-statement in dccp_parse has further per-option length checks.)
 3. The option length exceeds the length of the remaining option space.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>

Diffstat (limited to 'Documentation/SecurityBugs')
0 files changed, 0 insertions, 0 deletions
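
The three cases from the commit message, as an added C example; it is not the kernel code changed by this commit. The function name `opts_usable_len` and the sample buffers are constructed for illustration, and the rule that types 0 to 31 are single-byte options is taken from RFC 4340, 5.8.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 4340, 5.8: option types 0..31 are one byte long; every other
 * type is followed by a length byte that counts the type and length
 * bytes as well as the option data. */
#define SINGLE_BYTE_MAX 31

/* Hypothetical helper (not the kernel's function): returns how many
 * bytes of the option space are processed; everything from that offset
 * on is silently ignored. *count receives the number of options kept. */
size_t opts_usable_len(const uint8_t *opt, size_t len, size_t *count)
{
    size_t off = 0;

    *count = 0;
    while (off < len) {
        size_t optlen = 1;              /* single-byte option */

        if (opt[off] > SINGLE_BYTE_MAX) {
            if (len - off < 2)          /* case 1: no room for a length byte */
                break;
            optlen = opt[off + 1];
            if (optlen < 2)             /* case 2: below the minimum of 2 */
                break;
            if (optlen > len - off)     /* case 3: runs past the option space */
                break;
        }
        off += optlen;
        (*count)++;
    }
    return off;
}

/* Constructed sample option areas; type 41 stands in for a multi-byte option. */
static const uint8_t well_formed[] = { 0, 41, 6, 1, 2, 3, 4, 0 };
static const uint8_t no_len[]      = { 0, 41 };        /* case 1 */
static const uint8_t too_small[]   = { 41, 1, 0, 0 };  /* case 2 */
static const uint8_t len_two[]     = { 41, 2, 0 };     /* length 2 is valid */
static const uint8_t overrun[]     = { 0, 41, 6, 1, 2 }; /* case 3 */

int main(void)
{
    size_t n;

    printf("%zu of %zu bytes used\n", opts_usable_len(overrun, sizeof(overrun), &n), sizeof(overrun));
    return 0;
}
```

All subtractions are written as `len - off` with `off < len` guaranteed by the loop condition, so the bounds checks cannot wrap around.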