Wireshark-bugs: [Wireshark-bugs] [Bug 8592] packet-dhcpv6.c, Vendor Specific Information, Cable
Date: Wed, 19 Jun 2013 19:14:10 +0000

Comment # 9 on bug 8592 from
Hi Brian, thanks for the updated patch, it looks much better. Still just a
couple of issues:

packet-dhcpv6.c:681: warning: unused parameter 'replacement'
packet-dhcpv6.c: In function 'dissect_packetcable_cccV6_option':
packet-dhcpv6.c:945: warning: unused variable 'pi_tmp'

In the inner-most loop of swap_field_length_with_char, is there a reason not to
extract the entire next_length characters at once instead of one character at a
time? The code as is looks perfectly correct, it just seemed a bit odd.

The device_type buffer is never modified - it is simply read from the packet
and then referenced, so it is perfectly fine to just use a char* and directly
assign the result of tvb_get_ephemeral_string (sorry if I was unclear). The
strbufs are only useful when you're modifying the strings, so you don't have to
manually track offsets.

In case CL_OPTION_TLV5 the loop variable tlv5_counter can overflow on a crafted
packet, leading to an infinite loop bug. Please either check for overflow or
make it a sufficiently large type that it won't overflow before the loop
terminates.

Thanks,
Evan


You are receiving this mail because:
  • You are watching all bug changes.