packages/wireshark
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
wireshark/wireshark-CVE-2018-16057.patch
gu-gu-gu 2cdf36b8a8 wireshark:openEuler init
2019-12-02 20:44:06 +08:00

47 lines
1.7 KiB
Diff
Raw Blame History

From 739eebd3d2e39db63c959eb99291edf59647ed6d Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal.quantin@gmail.com>
Date: Wed, 8 Aug 2018 16:45:21 +0200
Subject: [PATCH] 802.11 Radiotap: add more bound checks in
ieee80211_radiotap_iterator_next()
Bug: 15022
Change-Id: Ife413312c88b8d78926c78bdb6707903257e7964
Reviewed-on: https://code.wireshark.org/review/29017
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
---
epan/dissectors/packet-ieee80211-radiotap-iter.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/epan/dissectors/packet-ieee80211-radiotap-iter.c b/epan/dissectors/packet-ieee80211-radiotap-iter.c
index 167cb39..e10fdaf 100644
--- a/epan/dissectors/packet-ieee80211-radiotap-iter.c
+++ b/epan/dissectors/packet-ieee80211-radiotap-iter.c
@@ -132,6 +132,7 @@ int ieee80211_radiotap_iterator_init(
iterator->_bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present);
iterator->_arg = (guint8 *)radiotap_header + sizeof(*radiotap_header);
iterator->_reset_on_ext = 0;
+ iterator->_next_ns_data = NULL;
iterator->_next_bitmap = &radiotap_header->it_present;
iterator->_next_bitmap++;
iterator->_vns = vns;
@@ -288,9 +289,14 @@ int ieee80211_radiotap_iterator_next(
}
if (!align) {
/* skip all subsequent data */
+ if (!iterator->_next_ns_data)
+ return -EINVAL;
iterator->_arg = iterator->_next_ns_data;
/* give up on this namespace */
iterator->current_namespace = NULL;
+ iterator->_next_ns_data = NULL;
+ if (!ITERATOR_VALID(iterator, 0))
+ return -EINVAL;
goto next_entry;
}
break;
--
1.7.12.4
Reference in New Issue View Git Blame Copy Permalink