On Wed, 2011-11-23 at 01:43 +0900, Kazuyoshi Aizawa wrote:
> + while (left > 0){ > + int iplen; > + iphdr = (struct ip *) pkt; > + iplen = ntohs(iphdr->ip_len);

What guarantee is there that 'left' is more than one byte, if it's non-zero? You're reading bytes 3 and 4... and for IPv6 we'll need to read bytes 5 and 6.

If that's something that's guaranteed, that's fine. Otherwise, we'll need to cope with the case where we have read *something* of the next packet, but not yet enough to know its length.

-- 
dwmw2
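
Review bot: the `iphdr->ip_len` read at the top of the `while (left > 0)` loop happens with no check that `left` covers the bytes holding that field, so a buffer that ends in a partial header yields a length parsed from bytes that were never read. Compare `left` against the minimum header size before the `(struct ip *) pkt` cast, and when it is short keep the partial bytes for the next read instead of parsing them. The quoted lines also do not show `iplen` being compared with `left` before use; since it comes straight from the wire, it should be bounded on both sides (no smaller than a header, no larger than what is buffered).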
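
The partial-read case raised in the reply above, as an added example that is not code from the patch or from openconnect: a length probe that reports "need more data" instead of reading a length field that has not arrived yet. The function name, return codes and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PKT_NEED_MORE 0    /* not enough bytes buffered yet to decide */
#define PKT_INVALID   (-1) /* first bytes cannot be a valid IP header */

/* Hypothetical helper, not openconnect code: length of the first IP packet
 * in buf, PKT_NEED_MORE if it is not fully buffered, or PKT_INVALID. */
long next_packet_len(const uint8_t *buf, size_t left)
{
    size_t len;

    if (left < 1)
        return PKT_NEED_MORE;
    switch (buf[0] >> 4) {
    case 4:  /* IPv4: total length in bytes 3 and 4 (offsets 2, 3) */
        if (left < 4)
            return PKT_NEED_MORE;
        len = ((size_t)buf[2] << 8) | buf[3];
        if (len < 20)   /* total length includes the 20-byte minimum header */
            return PKT_INVALID;
        break;
    case 6:  /* IPv6: payload length in bytes 5 and 6 (offsets 4, 5) */
        if (left < 6)
            return PKT_NEED_MORE;
        len = (((size_t)buf[4] << 8) | buf[5]) + 40; /* plus fixed header */
        break;
    default:
        return PKT_INVALID;
    }
    /* Length is known, but the rest of the packet may not have arrived. */
    if (left < len)
        return PKT_NEED_MORE;
    return (long)len;
}

int main(void)
{
    /* Constructed sample: a 20-byte IPv4 header whose total length is 20. */
    const uint8_t pkt[20] = { 0x45, 0, 0, 20 };
    printf("3 bytes buffered: %ld, 20 bytes buffered: %ld\n",
           next_packet_len(pkt, 3), next_packet_len(pkt, sizeof(pkt)));
    return 0;
}
```

A caller would loop while the return value is positive, and on `PKT_NEED_MORE` move the leftover bytes to the front of its buffer before the next read.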