<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Ray, Timothy J. (GSFC-583.0) wrote:
<blockquote
cite="mid:C3B9C435D7725E4EABE2B62200A42C127CD508@NDMSEVS36A.ndc.nasa.gov"
type="cite">
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="Generator" content="Microsoft Word 11 (filtered)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
@font-face
{font-family:"\@MS Mincho";
panose-1:2 2 6 9 4 2 5 8 3 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p.StyleParagraph4Kernat14pt, li.StyleParagraph4Kernat14pt, div.StyleParagraph4Kernat14pt
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:0in;
margin-left:0in;
margin-bottom:.0001pt;
text-align:justify;
line-height:14.0pt;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle18
{font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
/* List Definitions */
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<div class="Section1">
<p class="MsoNormal"><font face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial;">Dear WG Members,</span></font></p>
<p class="MsoNormal"><font face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial;"> </span></font></p>
<p class="MsoNormal"><font face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial;">In my implementation, I
am trying to thoroughly validate
each incoming Meta-AMS protocol message (MPDU). The primary goal is to
avoid program crashes that can occur when an attempt is made to access
an array
element beyond the end of the array’s allocated memory. For
example, if the supplementary data includes a field that is supposed to
be a
null-terminated character string, but the null-terminator is missing,
avoid any
attempts to access past the end of the entire array allocated to hold
the raw
MPDU bytes.</span></font></p>
<p class="MsoNormal"><font face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial;"> </span></font></p>
<p class="MsoNormal"><font face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial;">I’m finding it quite
complex to validate MPDUs whose
supplementary data includes null-terminated strings (especially if the
strings
are buried within arrays of structures containing sub-structures).
Validation would be much simpler if, instead of adding a one-byte null
terminator at the end of each string, we added a one-byte length field
at the
beginning of each string. (It would also be possible to add the
one-byte
length field and keep the null terminator, although that seems
redundant).</span></font></p>
<p class="MsoNormal"><font face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial;"> </span></font></p>
<p class="MsoNormal"><font face="Arial" size="2"><span
style="font-size: 10pt; font-family: Arial;">Any thoughts/comments?</span></font></p>
</div>
</blockquote>
I kind of like this idea, though I know it would have an impact on
everybody's implementation work. It would be not much harder to write
up in the spec, it would consume no additional bandwidth (assuming the
string length byte was instead of, rather than in addition to, the NULL
string terminator), and it could very well make validation simpler and
therefore make implementations safer.<br>
<br>
But that's easy for me to say, as I'm way behind in retrofitting my
implementation to the Red-2 spec anyway and it would be fairly easy for
me to include this change when I finally get to work. Stuart, Pat,
David, what do you guys think?<br>
<br>
Scott<br>
</body>
</html>