X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/6bc44295cfbe1f7b6633c755841518f4b159aa8a..f152c1268f28fc84d15d364b742f500e12374b33:/print-802_11.c

diff --git a/print-802_11.c b/print-802_11.c
index 78a57b18..1bbe47ac 100644
--- a/print-802_11.c
+++ b/print-802_11.c
@@ -3115,6 +3115,9 @@ ieee802_11_radio_print(netdissect_options *ndo,
 
 	len = EXTRACT_LE_16BITS(&hdr->it_len);
 
+	/*
+	 * If we don't have the entire radiotap header, just give up.
+	 */
 	if (caplen < len) {
 		ND_PRINT((ndo, "%s", tstr));
 		return caplen;
@@ -3122,13 +3125,13 @@ ieee802_11_radio_print(netdissect_options *ndo,
 	cpack_init(&cpacker, (const uint8_t *)hdr, len); /* align against header start */
 	cpack_advance(&cpacker, sizeof(*hdr)); /* includes the 1st bitmap */
 	for (last_presentp = &hdr->it_present;
-	     IS_EXTENDED(last_presentp) &&
-	     (const u_char*)(last_presentp + 1) <= p + len;
+	     (const u_char*)(last_presentp + 1) <= p + len &&
+	     IS_EXTENDED(last_presentp);
 	     last_presentp++)
 	  cpack_advance(&cpacker, sizeof(hdr->it_present)); /* more bitmaps */
 
 	/* are there more bitmap extensions than bytes in header? */
-	if (IS_EXTENDED(last_presentp)) {
+	if ((const u_char*)(last_presentp + 1) > p + len) {
 		ND_PRINT((ndo, "%s", tstr));
 		return caplen;
 	}