sanity check for a fake HIP configuration packet
Bug #949734 reported by
Raimondas Sasnauskas
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
HIPL |
Fix Committed
|
Undecided
|
Xin |
Bug Description
When testing HIP association establishment using symbolic execution, I came across the following scenario. If the initial (correct) I1 packet contains 0x10 in the header field ver_res instead of 0x11, it is first identified as a configuration packet (HIP_USER_VER_RES is 0x10) and afterwards fails a sanity check on packet length (lib/core/
HIP_IFEL(len != hip_get_
len, plen);
I think that this assertion shouldn't fire for such a packet at this place, right?
Related branches
Changed in hipl: | |
assignee: | nobody → Xin (eric-nevup) |
status: | New → Confirmed |
Changed in hipl: | |
status: | Confirmed → Fix Committed |
To post a comment you must log in.