Presentation Layer, Summary

The previous sections concentrated on presentation layer issues, and discussed various problems that occur when not being careful enough when dissecting packets. Here's a sort of laundry list that you should apply when writing your own presentation layer code:

Data size issues

Never assume that variable length data items received from the network fit into certain buffers just because that's what they should do. If you're using a programming language such as C, always NUL-terminate strings extracted from the packet.

Signedness problems

When extracting counted items (strings, arrays, etc) from a packet, either explicitly make sure that the count does not become negative, or always use unsigned variables.

Word size problems

Any checks that have a bearing on the application's security should be made after converting data to the canonical host format. For instance, user IDs should be assigned to a variable of type uid_t, and file names from HTTP requests should be unquoted exactly once.

Packet boundary issues

It is a good idea to have a set of function that deal with ``network buffers.'' You can verify the correctness of these functions a lot more easily than by going through all the packet handling code line by line.

An implementation of such a library is available from XXX: probably need to write one myself.