Hi Harald,
I have a stack corruption due to the above method and here is my analysis of the
problem...
set_system_infos is having a u_int8_t array with 23 bytes on the stack and is
asking to generate system infos into this array...
Now what happens is:
1.) some system information types structs are already bigger
than the 23 bytes...
2.) this does not take the rest octets into account.
I would like to fix it like this:
1.) Turn bitvec_spare_padding to return void
2.) In the rest_octets_siX method return the bit_vec.data_len
3.) Change the generate_siX to return the sizeof the struct
+ return value of the rest_octets_siX instead of the fixed
MACBLOCK_LEN (23)
4.) always use this rc value instead of the size of the buffer...
(due to 1. of the above we set truncated values as well)
Do you have a better idea? Would you just increase the buffer size?
z.
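
The following is an added example, not part of the original mail and not the project's own code: a sketch of steps 2 to 4 in which the generator returns the header size plus the rest-octets length and the caller uses that return value. The struct layout, the `_example` function names, the fill value and the explicit size check are assumptions made for illustration; the mail itself proposes only the length return.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MACBLOCK_LEN 23 /* fixed length named in the mail */

/* Hypothetical 20-byte SI header; real SI structs differ per type. */
struct si_hdr_example {
	uint8_t l2_plen, rr_pd, msg_type;
	uint8_t body[17];
};

/* Hypothetical rest-octets writer: returns octets written, -1 if no room. */
static int rest_octets_example(uint8_t *out, size_t avail, size_t want)
{
	if (want > avail)
		return -1;
	memset(out, 0x2b, want); /* constructed fill value */
	return (int)want;
}

/* Returns sizeof(header) + rest-octets length, or -1 instead of overrunning. */
int generate_si_example(uint8_t *buf, size_t buf_len, size_t rest_len)
{
	struct si_hdr_example hdr;
	int rc;

	if (buf_len < sizeof(hdr))
		return -1;
	memset(&hdr, 0, sizeof(hdr));
	memcpy(buf, &hdr, sizeof(hdr));
	rc = rest_octets_example(buf + sizeof(hdr), buf_len - sizeof(hdr), rest_len);
	return rc < 0 ? -1 : (int)sizeof(hdr) + rc;
}

/* Caller modelled on the description of set_system_infos: a MACBLOCK_LEN
 * array followed by a canary byte that an overrun would clobber.
 * Returns the generator's rc, or -2 if the canary changed. */
int set_system_info_example(size_t rest_len)
{
	struct { uint8_t si[MACBLOCK_LEN]; uint8_t canary; } frame;
	int rc;

	frame.canary = 0xa5;
	rc = generate_si_example(frame.si, sizeof(frame.si), rest_len);
	/* a real caller would send exactly rc bytes here, not sizeof(frame.si) */
	return frame.canary == 0xa5 ? rc : -2;
}
```

Passing the buffer size down means an oversized message is reported as an error to the caller instead of being written past the 23-byte array.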