[Sis-ams] validation of Meta-AMS PDUs
Donahue, Pat
pat.donahue at nasa.gov
Wed Jun 25 11:34:37 EDT 2008
I suppose this change would have made things a little easier, but I am
writing against the Feb 2007 Spec, and I am not sure if my bosses will
ever ask me to get up to date with the newest Spec.
Patrick Donahue
(256) 544-5943 office
(256) 721-0726 home
(256) 682-9753 cell
________________________________
From: sis-ams-bounces at mailman.ccsds.org
[mailto:sis-ams-bounces at mailman.ccsds.org] On Behalf Of Scott Burleigh
Sent: Wednesday, June 25, 2008 10:32 AM
To: Ray, Timothy J. (GSFC-583.0)
Cc: sis-ams at mailman.ccsds.org
Subject: Re: [Sis-ams] validation of Meta-AMS PDUs
Ray, Timothy J. (GSFC-583.0) wrote:

Dear WG Members,

In my implementation, I am trying to thoroughly validate
each incoming Meta-AMS protocol message (MPDU). The primary goal is to
avoid program crashes that can occur when an attempt is made to access
an array element beyond the end of the array's allocated memory. For
example, if the supplementary data includes a field that is supposed to
be a null-terminated character string, but the null-terminator is
missing, avoid any attempts to access past the end of the entire array
allocated to hold the raw MPDU bytes.

I'm finding it quite complex to validate MPDUs whose
supplementary data includes null-terminated strings (especially if the
strings are buried within arrays of structures containing
sub-structures). Validation would be much simpler if, instead of adding
a one-byte null terminator at the end of each string, we added a
one-byte length field at the beginning of each string. (It would also
be possible to add the one-byte length field and keep the null
terminator, although that seems redundant).

Any thoughts/comments?

I kind of like this idea, though I know it would have an impact
on everybody's implementation work. It would be not much harder to
write up in the spec, it would consume no additional bandwidth (assuming
the string length byte was instead of, rather than in addition to, the
NULL string terminator), and it could very well make validation simpler
and therefore make implementations safer.

But that's easy for me to say, as I'm way behind in retrofitting
my implementation to the Red-2 spec anyway and it would be fairly easy
for me to include this change when I finally get to work. Stuart, Pat,
David, what do you guys think?

Scott
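An added example, not code from this thread or from any AMS implementation, showing the two string encodings under discussion side by side: a bounded reader for null-terminated fields (the current spec) and one for the proposed one-byte-length-prefixed fields, plus a walker that rejects an MPDU whose string fields do not fit the buffer exactly. Function names and sample buffers are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed example, not CCSDS AMS code: pull one string field out of a raw
 * MPDU buffer without ever reading past buf+len. Each reader returns 1 and
 * advances *off on success, or 0 for a malformed field that must be rejected. */
/* Null-terminated encoding: valid only if a NUL lies within the remaining
 * bytes; memchr is bounded by len - *off, so a missing terminator is caught. */
int read_cstring(const uint8_t *buf, size_t len, size_t *off,
                 const char **str, size_t *n)
{
    if (*off > len)
        return 0;
    const uint8_t *start = buf + *off;
    const uint8_t *nul = memchr(start, 0, len - *off);
    if (nul == NULL)
        return 0;                      /* terminator missing */
    *str = (const char *)start;
    *n = (size_t)(nul - start);
    *off += *n + 1;                    /* step over the terminator */
    return 1;
}

/* Length-prefixed encoding proposed in the thread: one length byte followed
 * by exactly that many bytes. Validation is a single range check. */
int read_lstring(const uint8_t *buf, size_t len, size_t *off,
                 const char **str, size_t *n)
{
    if (*off >= len)
        return 0;                      /* no room for the length byte */
    *n = buf[*off];
    if (*n > len - *off - 1)
        return 0;                      /* declared length overruns buffer */
    *str = (const char *)(buf + *off + 1);
    *off += 1 + *n;
    return 1;
}

/* Walks `count` consecutive string fields of one encoding (nested structures
 * reduce to repeated calls). Returns count, or -1 on a bad field or leftover bytes. */
int count_fields(const uint8_t *buf, size_t len, int prefixed, int count)
{
    size_t off = 0, n;
    const char *s;
    for (int i = 0; i < count; i++)
        if (!(prefixed ? read_lstring(buf, len, &off, &s, &n)
                       : read_cstring(buf, len, &off, &s, &n)))
            return -1;
    return off == len ? count : -1;
}
```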