
Commit a4e1cd1

committed
fixed buffer overflow
1 parent aad5f4d commit a4e1cd1


1 file changed

+15
-11
lines changed


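--- a/src/wifipcap/wifipcap.cpp
+++ b/src/wifipcap/wifipcap.cpp
@@ -1492,17 +1492,19 @@ void WifiPacket::handle_prism(const u_char *pc, size_t len)
 prism2_pkthdr hdr;
 
 /* get the fields */
-hdr.host_time = EXTRACT_LE_32BITS(pc+32);
-hdr.mac_time = EXTRACT_LE_32BITS(pc+44);
-hdr.channel = EXTRACT_LE_32BITS(pc+56);
-hdr.rssi = EXTRACT_LE_32BITS(pc+68);
-hdr.sq = EXTRACT_LE_32BITS(pc+80);
-hdr.signal = EXTRACT_LE_32BITS(pc+92);
-hdr.noise = EXTRACT_LE_32BITS(pc+104);
-hdr.rate = EXTRACT_LE_32BITS(pc+116)/2;
-hdr.istx = EXTRACT_LE_32BITS(pc+128);
-cbs->HandlePrism( *this, &hdr, pc + 144, len - 144);
-handle_80211(pc+144,len-144);
+if (len>=144){
+hdr.host_time = EXTRACT_LE_32BITS(pc+32);
+hdr.mac_time = EXTRACT_LE_32BITS(pc+44);
+hdr.channel = EXTRACT_LE_32BITS(pc+56);
+hdr.rssi = EXTRACT_LE_32BITS(pc+68);
+hdr.sq = EXTRACT_LE_32BITS(pc+80);
+hdr.signal = EXTRACT_LE_32BITS(pc+92);
+hdr.noise = EXTRACT_LE_32BITS(pc+104);
+hdr.rate = EXTRACT_LE_32BITS(pc+116)/2;
+hdr.istx = EXTRACT_LE_32BITS(pc+128);
+cbs->HandlePrism( *this, &hdr, pc + 144, len - 144);
+handle_80211(pc+144,len-144);
+}
 }
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -1511,6 +1513,7 @@ void WifiPacket::handle_prism(const u_char *pc, size_t len)
 /// handle each of the packet types
 ///
 
+/// 2018-08-02: slg - I'm not sure why this is commented out.
 void WifiPacket::handle_ether(const u_char *ptr, size_t len)
 {
 #if 0
@@ -1715,6 +1718,7 @@ void Wifipcap::handle_packet(WifipcapCallbacks *cbs,int header_type,
 break;
 default:
 #if 0
+/// 2018-08-02: slg - I'm also not sure why this is commented out.
 // try handling it as default IP assuming framing is ethernet
 // (this is for testing)
 pkt.handle_ip(packet,header->caplen);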
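Review bot: The new `if (len>=144)` guard in handle_prism silently discards any capture shorter than the prism header — neither cbs->HandlePrism nor handle_80211 is invoked and no else branch records that a truncated frame was seen, so a feed that is being truncated (small snaplen or a malformed source) leaves no trace for whoever is analysing the capture. Add an `else` that accounts for the drop through whatever error or statistics path the callbacks already expose, or at minimum document the decision with `// frames shorter than the 144-byte prism header are skipped; the 32-bit field reads below would otherwise run past the buffer`. The literal 144 now appears four times in the hunk; hoisting it into a named constant such as `constexpr size_t kPrismHdrLen = 144;` ties the guard to the offsets it protects. The EXTRACT_LE_32BITS reads at offsets 32 through 128 are each four bytes wide, so 144 does cover them; handle_prism's opening brace and any earlier validation lie outside the hunk. The hunks at @@ -1511 and @@ -1715 only add comments.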
