Other Considerations

Previous page
Table of content
Next page

The text of SDES items is not null-terminated, and manipulating SDES items in languages that assume null- terminated strings requires care. This is a particular problem with C-based implementations , which must take care to ensure that they use lengthchecking string manipulation functions ”for example, strncpy () rather than strcpy () . Careless implementations may be vulnerable to buffer overflow attacks.

The text of SDES items is entered by the user, and thus it cannot be trusted to have safe values. In particular, it may contain metacharacters that have undesirable side effects. For example, some user interface scripting languages allow command substitution to be triggered by metacharacters, potentially giving an attacker the means to execute arbitrary code.

Implementations should not assume that packets are well formed . For example, it might be possible for an attacker to produce packets whose actual length does not correspond to the expected length. Again, there is a potential for buffer overflow attacks against careless implementations.


Previous page
Table of content
Next page
RTP
RTP: Audio and Video for the Internet
ISBN: 0672322498
EAN: 2147483647
Year: 2003
Pages: 108
Authors: Colin Perkins
BUY ON AMAZON
Qshell for iSeries
The .NET Developers Guide to Directory Services Programming
Professional Java Native Interfaces with SWT/JFace (Programmer to Programmer)
Microsoft Windows Server 2003(c) TCP/IP Protocols and Services (c) Technical Reference
Web Systems Design and Online Consumer Behavior
Python Programming for the Absolute Beginner, 3rd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy