Project

General

Profile

Actions

Task #7965

open

decode/ipv4: track EOL options TODOs

Added by Juliana Fajardini Reichow 2 days ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

When the engine checks for IPv4 options, there are a couple of TODOs connected to
EOL (end of options list) that should be checked, to ensure there isn't a window for data leakage or sneaking, here. Also confirm whether it is possible to have other headers after EOL, or when EOL is required but not present?
(from the code):

/** \todo What if padding is non-zero (possible covert channel or data leakage)? */
/** \todo Spec seems to indicate EOL required if there is padding */

No data to display

Actions

Also available in: Atom PDF