Guy Harris wrote: > > On Dec 17, 2008, at 12:43 PM, Dustin Spicuzza wrote: > >> ... as long as you trust that the header >> values are ok (making sure that they stay in the bounds of the actual >> packet size). > > Don't do that. Check against the incoming caplen, and check the sanity > of length fields.
Thats what I meant (the actual packet size would be the caplen). Sanity was implied as well ;) Dustin -- Innovation is just a problem away - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.