]> The Tcpdump Group git mirrors - tcpdump/commitdiff
projects / tcpdump / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 95483a4)
802.11: fetch the CF and TIM IEs a field at a time.
authorGuy Harris <[email protected]>
Mon, 19 Jul 2021 01:45:23 +0000 (18:45 -0700)
committerGuy Harris <[email protected]>
Mon, 19 Jul 2021 01:45:36 +0000 (18:45 -0700)
That should squelch Coverity CIDs 1487524 and 1487523; it also means
that we convert the 2-byte fields from little-endian byte order to host
order, and also avoids issues with padding in the structures we use.

print-802_11.c patch | blob | history

diff --git a/print-802_11.c b/print-802_11.c
index 1600d0e7f2a7f0dff1b7aa2147952fa8742b0ae1..d2f0f35b8eef7a8b264eff33353758468cf154f0 100644 (file)
--- a/print-802_11.c
+++ b/print-802_11.c
@@ -1277,9 +1277,18 @@ parse_elements(netdissect_options *ndo,
                                length -= cf.length;
                                break;
                        }
-                       memcpy(&cf.count, p + offset, 6);
-                       offset += 6;
-                       length -= 6;
+                       cf.count = GET_U_1(p + offset);
+                       offset += 1;
+                       length -= 1;
+                       cf.period = GET_U_1(p + offset);
+                       offset += 1;
+                       length -= 1;
+                       cf.max_duration = GET_LE_U_2(p + offset);
+                       offset += 2;
+                       length -= 2;
+                       cf.dur_remaining = GET_LE_U_2(p + offset);
+                       offset += 2;
+                       length -= 2;
                        /*
                         * Present and not truncated.
                         *
@@ -1303,10 +1312,15 @@ parse_elements(netdissect_options *ndo,
                        }
                        if (tim.length - 3U > sizeof(tim.bitmap))
                                return 0;
-                       memcpy(&tim.count, p + offset, 3);
-                       offset += 3;
-                       length -= 3;
-
+                       tim.count = GET_U_1(p + offset);
+                       offset += 1;
+                       length -= 1;
+                       tim.period = GET_U_1(p + offset);
+                       offset += 1;
+                       length -= 1;
+                       tim.bitmap_control = GET_U_1(p + offset);
+                       offset += 1;
+                       length -= 1;
                        memcpy(tim.bitmap, p + offset, tim.length - 3);
                        offset += tim.length - 3;
                        length -= tim.length - 3;
[mirror] the TCPdump network dissector