Fix a potential buffer overflow in the 802.11 printer; reported by
authorguy <guy>
Thu, 1 Feb 2007 02:18:45 +0000 (02:18 +0000)
committerguy <guy>
Thu, 1 Feb 2007 02:18:45 +0000 (02:18 +0000)
Moritz Jodeit.

print-802_11.c

index 9fe4c7a704c75c00234f756a549233c6f2fb522e..40b58e4fa7059092e7d6b71eaf3e633a46cd75dc 100644 (file)
@@ -22,7 +22,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-802_11.c,v 1.31.2.11 2006-06-13 22:25:43 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-802_11.c,v 1.31.2.12 2007-02-01 02:18:45 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -264,7 +264,7 @@ parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset)
 
                        if (pbody->tim.length <= 3)
                                break;
-                       if (pbody->rates.length > sizeof pbody->tim.bitmap)
+                       if (pbody->tim.length - 3 > sizeof pbody->tim.bitmap)
                                return;
                        if (!TTEST2(*(p + offset), pbody->tim.length - 3))
                                return;