Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
(for 4.9.3) CVE-2018-16227/IEEE 802.11: add a missing bounds check
ieee802_11_print() tried to access the Mesh Flags subfield of the Mesh Control field to find the size of the latter and increment the expected 802.11 header length before checking it is fully present in the input buffer. Add an intermediate bounds check to make it safe. This fixes a buffer over-read discovered by Ryan Ackroyd. Add a test using the capture file supplied by the reporter(s).
- Loading branch information
1 parent
83a412a
commit 4846b3c
Showing
4 changed files
with
8 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
3472328296059908144us tsft 24.0 Mb/s 12334 MHz Turbo 48dBm noise [|802.11][|802.11] |
Binary file not shown.