[Sis-ams] validation of Meta-AMS PDUs

Edell, David J. David.Edell at jhuapl.edu
Wed Jun 25 12:33:57 EDT 2008 

It sounds good to me.  Explicit length definitions always look cleaner
to me than a series of null-terminated strings. Then again, in my
initial single-processor focused message queue implementation, I haven't
actually had a need to process many of the null-terminated string
fields.  
 
For error checking though, don't we already have a total "Length of
supplementary data" field in the header, which should be used for
failsafe validation.  Also, from a standards point of view, I believe
NULL-terminated strings are generally more commonly used for variable
sized strings, with or without accompanying length fields.
 
- David

________________________________

From: sis-ams-bounces at mailman.ccsds.org
[mailto:sis-ams-bounces at mailman.ccsds.org] On Behalf Of Scott Burleigh
Sent: Wednesday, June 25, 2008 11:32 AM
To: Ray, Timothy J. (GSFC-583.0)
Cc: sis-ams at mailman.ccsds.org
Subject: Re: [Sis-ams] validation of Meta-AMS PDUs


Ray, Timothy J. (GSFC-583.0) wrote: 

	Dear WG Members,

	 

	In my implementation, I am trying to thoroughly validate each
incoming Meta-AMS protocol message (MPDU).  The primary goal is to avoid
program crashes that can occur when an attempt is made to access an
array element beyond the end of the array's allocated memory.  For
example, if the supplementary data includes a field that is supposed to
be a null-terminated character string, but the null-terminator is
missing, avoid any attempts to access past the end of the entire array
allocated to hold the raw MPDU bytes.

	 

	I'm finding it quite complex to validate MPDUs whose
supplementary data includes null-terminated strings (especially if the
strings are buried within arrays of structures containing
sub-structures).  Validation would be much simpler if, instead of adding
a one-byte null terminator at the end of each string, we added a
one-byte length field at the beginning of each string.  (It would also
be possible to add the one-byte length field and keep the null
terminator, although that seems redundant).

	 

	Any thoughts/comments?

I kind of like this idea, though I know it would have an impact on
everybody's implementation work.  It would be not much harder to write
up in the spec, it would consume no additional bandwidth (assuming the
string length byte was instead of, rather than in addition to, the NULL
string terminator), and it could very well make validation simpler and
therefore make implementations safer.

But that's easy for me to say, as I'm way behind in retrofitting my
implementation to the Red-2 spec anyway and it would be fairly easy for
me to include this change when I finally get to work.  Stuart, Pat,
David, what do you guys think?

Scott

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ccsds.org/pipermail/sis-ams/attachments/20080625/8c775f09/attachment.html

More information about the Sis-ams mailing list