[Sis-ams] validation of Meta-AMS PDUs

Scott Burleigh Scott.Burleigh at jpl.nasa.gov
Wed Jun 25 11:31:30 EDT 2008


Ray, Timothy J. (GSFC-583.0) wrote:
>
> Dear WG Members,
>
> In my implementation, I am trying to thoroughly validate each incoming 
> Meta-AMS protocol message (MPDU).  The primary goal is to avoid 
> program crashes that can occur when an attempt is made to access an 
> array element beyond the end of the array's allocated memory.  For 
> example, if the supplementary data includes a field that is supposed 
> to be a null-terminated character string, but the null-terminator is 
> missing, avoid any attempts to access past the end of the entire array 
> allocated to hold the raw MPDU bytes.
>
> I'm finding it quite complex to validate MPDUs whose supplementary 
> data includes null-terminated strings (especially if the strings are 
> buried within arrays of structures containing sub-structures).  
> Validation would be much simpler if, instead of adding a one-byte null 
> terminator at the end of each string, we added a one-byte length field 
> at the beginning of each string.  (It would also be possible to add 
> the one-byte length field and keep the null terminator, although that 
> seems redundant).
>
> Any thoughts/comments?
>
I kind of like this idea, though I know it would have an impact on 
everybody's implementation work.  It would be not much harder to write 
up in the spec, it would consume no additional bandwidth (assuming the 
string length byte was instead of, rather than in addition to, the NULL 
string terminator), and it could very well make validation simpler and 
therefore make implementations safer.

But that's easy for me to say, as I'm way behind in retrofitting my 
implementation to the Red-2 spec anyway and it would be fairly easy for 
me to include this change when I finally get to work.  Stuart, Pat, 
David, what do you guys think?

Scott
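
Added example, not part of the original message or of any AMS implementation: the two string encodings discussed above, each validated against the number of bytes actually received, then walked as a run of consecutive fields. The field layout, the function names and the sample buffers are assumptions made for illustration and are not the Meta-AMS wire format.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reader contract (hypothetical): return bytes consumed by the field at off,
 * or -1 if it would run past the len received bytes. */
typedef long (*string_reader)(const unsigned char *buf, size_t len, size_t off);

/* NUL-terminated field: a bounded scan is needed to find where it ends. */
static long read_nul_string(const unsigned char *buf, size_t len, size_t off)
{
    const unsigned char *end;
    if (off >= len) return -1;
    end = memchr(buf + off, '\0', len - off);   /* never scans past buf+len */
    if (end == NULL) return -1;                 /* terminator missing */
    return (long)(end - (buf + off)) + 1;       /* string bytes + NUL */
}

/* Length-prefixed field: one comparison against the bytes remaining. */
static long read_len_string(const unsigned char *buf, size_t len, size_t off)
{
    if (off >= len) return -1;
    if ((size_t)buf[off] > len - off - 1) return -1;  /* length overruns */
    return (long)buf[off] + 1;                  /* length byte + string bytes */
}

/* Validate count consecutive string fields; return the offset just past the
 * last one, or -1 as soon as any field is malformed. */
static long walk_strings(const unsigned char *buf, size_t len, size_t off,
                         unsigned count, string_reader rd)
{
    while (count-- > 0) {
        long used = rd(buf, len, off);
        if (used < 0) return -1;
        off += (size_t)used;
    }
    return (long)off;
}

/* Constructed sample data: "ab" then "c", 5 bytes in either encoding. */
static const unsigned char nul_ok[]  = { 'a', 'b', 0, 'c', 0 };
static const unsigned char nul_bad[] = { 'a', 'b', 0, 'c', 'd' }; /* no NUL */
static const unsigned char len_ok[]  = { 2, 'a', 'b', 1, 'c' };
static const unsigned char len_bad[] = { 2, 'a', 'b', 3, 'c' };   /* 3 > 1 left */

int main(void)
{
    printf("%ld %ld\n", walk_strings(nul_bad, sizeof nul_bad, 0, 2, read_nul_string),
           walk_strings(len_bad, sizeof len_bad, 0, 2, read_len_string));
    return 0;
}
```

Both well-formed buffers are the same size, and the length-prefixed reader rejects a bad field without inspecting any string byte.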