Max Kellermann wrote: > On 2008/01/23 13:29, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: >> I have kept remain signed since a malformed header can result in an >> overflow. > > How? And how will making it signed help? Indeed. This doesn't make any sense. I thought that if net->len may be bigger than remain, thus remain becomes negative and we stop looping. But this condition is never true since we have already checked that net->len <= remain in the beginning of the loop. I have changed remain to size_t. -- "Los honestos son inadaptados sociales" -- Les Luthies - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html