CVE-2017-13008/IEEE 802.11: Fix TIM bitmap copy to copy from p + offset.
offset has already been advanced to point to the bitmap; we shouldn't add the amount to advance again.

This fixes a buffer over-read discovered by Brian 'geeknik' Carpenter.

Add a test using the capture file supplied by the reporter(s).

While we're at it, remove some redundant tests - we've already checked, before the case statement, whether we have captured the entire information element and whether the entire information element is present in the on-the-wire packet; in the cases for particular IEs, we only need to make sure we don't go past the end of the IE.
1 parent ca33619, commit 5edf405
Showing 4 changed files with 3 additions and 13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
fhset 48 fhpat 48 48dBm signal 48dB signal 48dB noise [|802.11]Beacon IBSS, PRIVACY[|802.11] |
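
Review bot: the single expected-output line added here ends in `[|802.11]` and shows no decoded TIM fields, so this baseline only pins that printing stops with a truncation marker on the reporter's capture; it does not show that a well-formed TIM bitmap is now copied from the right place. Consider adding a second capture with an intact TIM element so the corrected source offset is checked on valid input as well. Also note that `[|802.11]` appears twice on the line, the first time run directly into `Beacon` with no separator; worth confirming both markers are intended before fixing them into the expected output.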
Binary file not shown.
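
The offset handling described in the commit message, shown as an added example that is not tcpdump's code: a minimal TIM element parser in C. The struct, the function name `parse_tim` and the sample frame are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical structure for this example; not tcpdump's own definition. */
struct tim_ie {
    uint8_t length;          /* IE length octet: 3 fixed octets + bitmap */
    uint8_t dtim_count;
    uint8_t dtim_period;
    uint8_t bitmap_control;
    uint8_t bitmap[251];     /* partial virtual bitmap */
    size_t  bitmap_len;
};

/* Constructed sample: 2 filler octets, then a TIM IE (ID 5, length 5). */
static const uint8_t sample_frame[] = {
    0xAA, 0xBB, 5, 5, 1, 2, 0, 0x10, 0x20
};

/* Parse the TIM IE at p[offset]; caplen is the number of captured octets.
 * Returns 1 on success, 0 if the IE is malformed or truncated. */
int parse_tim(const uint8_t *p, size_t caplen, size_t offset, struct tim_ie *tim)
{
    if (offset > caplen || caplen - offset < 2 || p[offset] != 5)
        return 0;
    tim->length = p[offset + 1];
    offset += 2;                          /* past ID and length */
    if (tim->length < 3 || caplen - offset < tim->length)
        return 0;                         /* IE body not fully captured */
    tim->dtim_count = p[offset];
    tim->dtim_period = p[offset + 1];
    tim->bitmap_control = p[offset + 2];
    offset += 3;                          /* offset now points at the bitmap */
    tim->bitmap_len = (size_t)tim->length - 3;
    if (tim->bitmap_len > sizeof tim->bitmap)
        return 0;                         /* would overflow the destination */
    /* Source is p + offset. Adding bitmap_len to it again would start the
     * copy past the bitmap and read beyond the end of the IE. */
    memcpy(tim->bitmap, p + offset, tim->bitmap_len);
    return 1;
}

int main(void)
{
    struct tim_ie t;
    int ok = parse_tim(sample_frame, sizeof sample_frame, 2, &t);
    printf("ok=%d bitmap_len=%zu first=0x%02x\n", ok, t.bitmap_len, t.bitmap[0]);
    return ok ? 0 : 1;
}
```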