sanity check for a fake HIP configuration packet

Bug #949734 reported by Raimondas Sasnauskas
Affects: HIPL
Status: Fix Committed
Importance: Undecided
Assigned to: Xin
Milestone: (none)

Bug Description

When testing HIP association establishment using symbolic execution, I came across the following scenario. If the initial (correct) I1 packet contains 0x10 in the header field ver_res instead of 0x11, it is first identified as a configuration packet (HIP_USER_VER_RES is 0x10) and afterwards fails a sanity check on packet length (lib/core/builder.c:1836):

    HIP_IFEL(len != hip_get_msg_total_len(hip_common), -EINVAL,
             "Invalid HIP packet length (%d,%d). Dropping\n",
             len, plen);

I think that this assertion shouldn't fire for such a packet at this place, right?
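
One way to avoid the misclassification described in the report, as an added example that is not HIPL code and not the committed fix: decide whether a buffer is a configuration message from the socket it arrived on, and treat 0x10 on the network path as a bad version before any length check runs. Header offsets follow RFC 5201; apart from HIP_USER_VER_RES every name is hypothetical, and the example assumes the daemon knows which socket delivered the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HIP_USER_VER_RES  0x10 /* configuration message marker (from the report) */
#define HIP_NET_VER_RES   0x11 /* valid on-the-wire value (from the report) */
#define HIP_FIXED_HDR_LEN 40   /* RFC 5201: 8 header bytes + two 16-byte HITs */

/* Hypothetical names, not HIPL identifiers. */
enum pkt_origin  { FROM_NETWORK, FROM_LOCAL_SOCKET };
enum pkt_verdict { PKT_OK_NETWORK, PKT_OK_USER, PKT_BAD_VERSION, PKT_BAD_LENGTH };

/* Classify by receiving socket (assumed known), not by a sender-controlled byte. */
enum pkt_verdict classify_hip_packet(const uint8_t *buf, size_t len,
                                     enum pkt_origin origin)
{
    if (len < 4)
        return PKT_BAD_LENGTH;            /* ver_res is the fourth header byte */
    uint8_t ver_res = buf[3];

    if (origin == FROM_LOCAL_SOCKET)      /* user-message length layout is not on
                                             the page, so it is not checked here */
        return ver_res == HIP_USER_VER_RES ? PKT_OK_USER : PKT_BAD_VERSION;

    if (ver_res != HIP_NET_VER_RES)       /* 0x10 from the network: bad version */
        return PKT_BAD_VERSION;
    if (len < HIP_FIXED_HDR_LEN)
        return PKT_BAD_LENGTH;
    /* RFC 5201: Header Length is in 8-byte units, excluding the first 8 bytes. */
    size_t claimed = ((size_t)buf[1] + 1) * 8;
    return claimed == len ? PKT_OK_NETWORK : PKT_BAD_LENGTH;
}

/* Constructed sample: a 40-byte I1 with zeroed checksum, controls and HITs. */
void make_sample_i1(uint8_t buf[HIP_FIXED_HDR_LEN], uint8_t ver_res)
{
    memset(buf, 0, HIP_FIXED_HDR_LEN);
    buf[0] = 59;        /* Next Header: IPPROTO_NONE */
    buf[1] = 4;         /* Header Length: (40 - 8) / 8 */
    buf[2] = 1;         /* Packet Type: I1 */
    buf[3] = ver_res;
}

int main(void)
{
    uint8_t pkt[HIP_FIXED_HDR_LEN];
    make_sample_i1(pkt, HIP_USER_VER_RES);
    printf("0x10 from network: verdict %d\n",
           classify_hip_packet(pkt, sizeof pkt, FROM_NETWORK));
    return 0;
}
```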


Xin (eric-nevup)
Changed in hipl:
assignee: nobody → Xin (eric-nevup)
status: New → Confirmed
Xin (eric-nevup)
Changed in hipl:
status: Confirmed → Fix Committed