On Wed, Mar 21, 2012 at 07:06:32PM -0300, Johan Hedberg wrote:
> Looks like the original code is indeed buggy, no idea how I didn't
> notice something that obvious. Your patch does however seem to change
> the behavior a bit, a valid tag would be detected even though its length
> would be invalid (pointing outside of the supplied data). Not sure if
> that's so critical though since the important thing is to keep the code
> from doing anything nasty when supplied invalid data.
>

We should check the length. It will just cause headaches if we don't.

It would be simple enough for me to put back the check I removed from
the middle of the loop. But the thing is I wasn't sure how all the + 1
and - 1 things fit together so I didn't feel good about signing off on
this.

Could you send a patch? That way I get a reported-by tag but if there
are any problems you get blamed while I deny knowing anything about
it. ;)

regards,
dan carpenter
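The length check discussed above, as an added example that is not code from this thread or from the patch under discussion: a tag search that rejects a field whose length points outside the supplied data before it looks at the tag. The field layout, the function name `find_field` and the sample buffers are assumptions made for illustration; the message does not describe the actual format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not from the message): [len][tag][len - 1 payload bytes],
 * where len counts the tag byte plus the payload. len == 0 ends the data. */
static const uint8_t *find_field(const uint8_t *data, size_t data_len,
                                 uint8_t tag, size_t *payload_len)
{
    size_t off = 0;

    while (off < data_len) {
        uint8_t len = data[off];

        if (len == 0)
            break;                          /* terminator or padding */

        /* The field body needs len bytes after the length byte. Check
         * that first, so a matching tag with a bad length is not accepted. */
        if (len > data_len - off - 1)
            return NULL;

        if (data[off + 1] == tag) {
            *payload_len = (size_t)len - 1; /* - 1 drops the tag byte */
            return &data[off + 2];
        }

        off += (size_t)len + 1;             /* + 1 skips the length byte */
    }
    return NULL;
}

/* Constructed sample data: two fields, tags 0x01 and 0x09. */
static const uint8_t sample_ok[]  = { 0x02, 0x01, 0x06, 0x03, 0x09, 'h', 'i' };
/* Same data, but the second field claims 5 bytes when only 3 remain. */
static const uint8_t sample_bad[] = { 0x02, 0x01, 0x06, 0x05, 0x09, 'h', 'i' };

int main(void)
{
    size_t n = 0;
    const uint8_t *p = find_field(sample_ok, sizeof(sample_ok), 0x09, &n);

    printf("well-formed: %s, payload length %zu\n", p ? "found" : "rejected", n);
    p = find_field(sample_bad, sizeof(sample_bad), 0x09, &n);
    printf("bad length:  %s\n", p ? "found" : "rejected");
    return 0;
}
```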