I wouldn't have thought it possible to generate a negative-sized request...
One of my pet peeves is fixed-length buffers in C code, of some size that (thankfully, it's checked to prevent going off the end - most of the time, at least...) has no real justification documented anywhere - "why use 72 bytes and not e.g. 80? Why 999, and not 1000 or 1024?" If you're going to use C, I think you should be paying more attention to memory allocation and how big things like requests/responses can be; otherwise, you should use a "safer" language possibly with dynamic allocation that can handle any size... but on a constrained system like a router that may not be possible (or it'll just turn into an opportunity for OOM DoS.)
Common Vulnerabilities and Exploits - https://cve.mitre.org/. There are various aggregators of these. For *nix exploits, various distros will have bugs that (mostly) map to CVEs - e.g. Debian has DSAs.
[+] [-] userbinator|11 years ago|reply
I wouldn't have thought it possible to generate a negative-sized request...
One of my pet peeves is fixed-length buffers in C code, of some size that (thankfully, it's checked to prevent going off the end - most of the time, at least...) has no real justification documented anywhere - "why use 72 bytes and not e.g. 80? Why 999, and not 1000 or 1024?" If you're going to use C, I think you should be paying more attention to memory allocation and how big things like requests/responses can be; otherwise, you should use a "safer" language possibly with dynamic allocation that can handle any size... but on a constrained system like a router that may not be possible (or it'll just turn into an opportunity for OOM DoS.)
[+] [-] mihok|11 years ago|reply
[+] [-] voltagex_|11 years ago|reply
[+] [-] colinbartlett|11 years ago|reply