]> The Tcpdump Group git mirrors - tcpdump/blobdiff - print-802_11.c
projects / tcpdump / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
change make check to work with POSIX shell
[tcpdump] / print-802_11.c
diff --git a/print-802_11.c b/print-802_11.c
index 424c7cd70732209877e81c72fac58346d2c94d7e..50a3e9f596c2a3faea69f144f9ebac278460d628 100644 (file)
--- a/print-802_11.c
+++ b/print-802_11.c
@@ -20,6 +20,8 @@
  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
+/* \summary: IEEE 802.11 printer */
+
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
@@ -1037,10 +1039,6 @@ parse_elements(netdissect_options *ndo,
                        if (ssid.length != 0) {
                                if (ssid.length > sizeof(ssid.ssid) - 1)
                                        return 0;
-                               if (!ND_TTEST2(*(p + offset), ssid.length))
-                                       return 0;
-                               if (length < ssid.length)
-                                       return 0;
                                memcpy(&ssid.ssid, p + offset, ssid.length);
                                offset += ssid.length;
                                length -= ssid.length;
@@ -1066,10 +1064,6 @@ parse_elements(netdissect_options *ndo,
                                if (challenge.length >
                                    sizeof(challenge.text) - 1)
                                        return 0;
-                               if (!ND_TTEST2(*(p + offset), challenge.length))
-                                       return 0;
-                               if (length < challenge.length)
-                                       return 0;
                                memcpy(&challenge.text, p + offset,
                                    challenge.length);
                                offset += challenge.length;
@@ -1095,10 +1089,6 @@ parse_elements(netdissect_options *ndo,
                        if (rates.length != 0) {
                                if (rates.length > sizeof rates.rate)
                                        return 0;
-                               if (!ND_TTEST2(*(p + offset), rates.length))
-                                       return 0;
-                               if (length < rates.length)
-                                       return 0;
                                memcpy(&rates.rate, p + offset, rates.length);
                                offset += rates.length;
                                length -= rates.length;
@@ -1187,8 +1177,7 @@ parse_elements(netdissect_options *ndo,
                        offset += 3;
                        length -= 3;
 
-                       memcpy(tim.bitmap, p + (tim.length - 3),
-                           (tim.length - 3));
+                       memcpy(tim.bitmap, p + offset, tim.length - 3);
                        offset += tim.length - 3;
                        length -= tim.length - 3;
                        /*
@@ -2037,7 +2026,7 @@ ieee802_11_print(netdissect_options *ndo,
 {
        uint16_t fc;
        u_int caplen, hdrlen, meshdrlen;
-       const uint8_t *src, *dst;
+       struct lladdr_info src, dst;
        int llc_hdrlen;
 
        caplen = orig_caplen;
@@ -2069,6 +2058,10 @@ ieee802_11_print(netdissect_options *ndo,
                hdrlen = roundup2(hdrlen, 4);
        if (ndo->ndo_Hflag && FC_TYPE(fc) == T_DATA &&
            DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) {
+               if (caplen < hdrlen + 1) {
+                       ND_PRINT((ndo, "%s", tstr));
+                       return hdrlen;
+               }
                meshdrlen = extract_mesh_header_length(p+hdrlen);
                hdrlen += meshdrlen;
        } else
@@ -2089,10 +2082,12 @@ ieee802_11_print(netdissect_options *ndo,
        caplen -= hdrlen;
        p += hdrlen;
 
+       src.addr_string = etheraddr_string;
+       dst.addr_string = etheraddr_string;
        switch (FC_TYPE(fc)) {
        case T_MGMT:
-               get_mgmt_src_dst_mac(p - hdrlen, &src, &dst);
-               if (!mgmt_body_print(ndo, fc, src, p, length)) {
+               get_mgmt_src_dst_mac(p - hdrlen, &src.addr, &dst.addr);
+               if (!mgmt_body_print(ndo, fc, src.addr, p, length)) {
                        ND_PRINT((ndo, "%s", tstr));
                        return hdrlen;
                }
@@ -2114,8 +2109,8 @@ ieee802_11_print(netdissect_options *ndo,
                                return hdrlen;
                        }
                } else {
-                       get_data_src_dst_mac(fc, p - hdrlen, &src, &dst);
-                       llc_hdrlen = llc_print(ndo, p, length, caplen, src, dst);
+                       get_data_src_dst_mac(fc, p - hdrlen, &src.addr, &dst.addr);
+                       llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst);
                        if (llc_hdrlen < 0) {
                                /*
                                 * Some kinds of LLC packet we cannot
@@ -2518,7 +2513,7 @@ enum ieee80211_radiotap_type {
 
 static void
 print_chaninfo(netdissect_options *ndo,
-               int freq, int flags, int presentflags)
+               uint16_t freq, int flags, int presentflags)
 {
        ND_PRINT((ndo, "%u MHz", freq));
        if (presentflags & (1 << IEEE80211_RADIOTAP_MCS)) {
@@ -3080,7 +3075,7 @@ print_in_radiotap_namespace(netdissect_options *ndo,
        return 0;
 }
 
-static u_int
+u_int
 ieee802_11_radio_print(netdissect_options *ndo,
                        const u_char *p, u_int length, u_int caplen)
 {
@@ -3110,7 +3105,19 @@ ieee802_11_radio_print(netdissect_options *ndo,
        hdr = (const struct ieee80211_radiotap_header *)p;
 
        len = EXTRACT_LE_16BITS(&hdr->it_len);
+       if (len < sizeof(*hdr)) {
+               /*
+                * The length is the length of the entire header, so
+                * it must be as large as the fixed-length part of
+                * the header.
+                */
+               ND_PRINT((ndo, "%s", tstr));
+               return caplen;
+       }
 
+       /*
+        * If we don't have the entire radiotap header, just give up.
+        */
        if (caplen < len) {
                ND_PRINT((ndo, "%s", tstr));
                return caplen;
@@ -3118,13 +3125,13 @@ ieee802_11_radio_print(netdissect_options *ndo,
        cpack_init(&cpacker, (const uint8_t *)hdr, len); /* align against header start */
        cpack_advance(&cpacker, sizeof(*hdr)); /* includes the 1st bitmap */
        for (last_presentp = &hdr->it_present;
-            IS_EXTENDED(last_presentp) &&
-            (const u_char*)(last_presentp + 1) <= p + len;
+            (const u_char*)(last_presentp + 1) <= p + len &&
+            IS_EXTENDED(last_presentp);
             last_presentp++)
          cpack_advance(&cpacker, sizeof(hdr->it_present)); /* more bitmaps */
 
        /* are there more bitmap extensions than bytes in header? */
-       if (IS_EXTENDED(last_presentp)) {
+       if ((const u_char*)(last_presentp + 1) > p + len) {
                ND_PRINT((ndo, "%s", tstr));
                return caplen;
        }
[mirror] the TCPdump network dissector