Diffstat (limited to 'print-802_11.c')
-rw-r--r-- | print-802_11.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/print-802_11.c b/print-802_11.c
index d8bf039de1ab..50a3e9f596c2 100644
--- a/print-802_11.c
+++ b/print-802_11.c
@@ -2058,6 +2058,10 @@ ieee802_11_print(netdissect_options *ndo,
 hdrlen = roundup2(hdrlen, 4);
 if (ndo->ndo_Hflag && FC_TYPE(fc) == T_DATA && DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) {
+ if (caplen < hdrlen + 1) {
+ ND_PRINT((ndo, "%s", tstr));
+ return hdrlen;
+ }
 meshdrlen = extract_mesh_header_length(p+hdrlen);
 hdrlen += meshdrlen;
 } else
@@ -3071,7 +3075,7 @@ print_in_radiotap_namespace(netdissect_options *ndo,
 return 0;
 }
-static u_int
+u_int
 ieee802_11_radio_print(netdissect_options *ndo,
 const u_char *p, u_int length, u_int caplen)
 {
@@ -3101,6 +3105,15 @@ ieee802_11_radio_print(netdissect_options *ndo,
 hdr = (const struct ieee80211_radiotap_header *)p;
 len = EXTRACT_LE_16BITS(&hdr->it_len);
+ if (len < sizeof(*hdr)) {
+ /*
+ * The length is the length of the entire header, so
+ * it must be as large as the fixed-length part of
+ * the header.
+ */
+ ND_PRINT((ndo, "%s", tstr));
+ return caplen;
+ }
 /*
 * If we don't have the entire radiotap header, just give up. |
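Review bot: In the first hunk (ieee802_11_print) the `+ 1` in `caplen < hdrlen + 1` is unexplained and ties the guard to how many bytes extract_mesh_header_length() reads at `p+hdrlen`, presumably a single flags byte. A comment above the check would keep the two in step if the helper ever reads more, for example `/* extract_mesh_header_length() reads one byte at p[hdrlen]; make sure it was captured */`. The guard covers only that first byte, so after `hdrlen += meshdrlen` the enlarged header still has to be compared with caplen before anything past it is dereferenced. The function body continues outside this hunk, so that check may already exist there.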
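Review bot: In the second hunk, dropping `static` gives ieee802_11_radio_print() external linkage, but nothing visible documents what callers must guarantee about `p` and `caplen`. The diffstat is limited to this file, so the matching prototype cannot be checked from here. A short contract comment above the definition would help new callers, for example `/* Exported: caplen must not exceed the number of bytes actually available at p. */`, since every bounds decision in the function rests on that value.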
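Review bot: In the third hunk the new `len < sizeof(*hdr)` branch prints `tstr`, the same marker the first hunk uses for a short capture, so an invalid `it_len` looks the same in the output as a packet cut off by the snap length. Someone triaging a suspicious capture would benefit from seeing the two cases apart, for example `ND_PRINT((ndo, "[invalid radiotap header length %u]", len));` with the format adjusted to the declared type of `len`, which is outside the hunk. Also note that `it_len` is read from `hdr` before this check, so the function relies on an earlier test that caplen covers `sizeof(*hdr)`. That test would sit above the visible lines and should be confirmed.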