TCP EOL option pad_len is in bits, not bytes
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| rohc | Status tracked in Rohc-main | |||||
| Rohc-1.7.x |
Won't Fix
|
Medium
|
Didier Barvaux | |||
| Rohc-main |
Fix Released
|
Medium
|
Didier Barvaux | |||
Bug Description
Hello,
there is a conformance issue in d_tcp_parse_
The pad_len is transmitted, for what reason ever, in bits, not bytes.
See rfc:
// nbits is bound to the remaining length (in bits) of TCP
// options, including the EOL type byte.
tcp_opt_eol(nbits)
{
...
COMPRESSED eol_list_item {
pad_len =:= compressed_value(8, nbits-8) [ 8 ];
}
...
}
Therefore I suggest this change:
diff --git a/src/decomp/
index 0fef714..0bf92f6 100644
--- a/src/decomp/
+++ b/src/decomp/
@@ -776,7 +776,15 @@ static int d_tcp_parse_
goto error;
}
- eol_uncomp_len = data[0] + 1;
+ if ((data[0] % 8) != 0)
+ {
+ rohc_decomp_
+ "items: TCP EOL option has malformed pad_len %u bits, "
+ "not divisible by 8 (uncompleted byte)", data[0]);
+ goto error;
+ }
+
+ eol_uncomp_len = (data[0] / 8) + 1;
if(eol_uncomp_len > max_opt_len)
{
rohc_
A test could be ipv4/tcp/afl11.
The second packet contains an EOL option.
Best,
Klaus Warnke
| tags: | added: tcp |
| Didier Barvaux (didier-barvaux) wrote | #1 |
| tags: | added: conformance library |
| Didier Barvaux (didier-barvaux) wrote | #2 |
You're right. My bad :-/
Your patch looks good. I'll add the compressor part, then push the fix in master for the 2.0.0 release.
Thank you for the report!