Fetch the element length once, up front, rather than re-reading it each time it is needed - including after the offset used to read it has been advanced (that last read picks up a byte from the next element, so the wrong value is subtracted from the remaining length).
parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset,
u_int length)
{
parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset,
u_int length)
{
struct ssid_t ssid;
struct challenge_t challenge;
struct rates_t rates;
struct ssid_t ssid;
struct challenge_t challenge;
struct rates_t rates;
return 0;
if (length < 2)
return 0;
return 0;
if (length < 2)
return 0;
- if (!TTEST2(*(p + offset + 2), *(p + offset + 1)))
+ elementlen = *(p + offset + 1);
+ if (!TTEST2(*(p + offset + 2), elementlen))
- if (length < (u_int)(*(p + offset + 1) + 2))
+ if (length < elementlen + 2)
- offset += *(p + offset + 1) + 2;
- length -= *(p + offset + 1) + 2;
+ offset += elementlen + 2;
+ length -= elementlen + 2;
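Review bot: The removed comparison carried an explicit `(u_int)` cast and its replacement `if (length < elementlen + 2)` does not, while the declaration of `elementlen` is not in the hunk; if it was declared with a signed or narrower type, `elementlen + 2` compared against the `u_int length` becomes a signed/unsigned comparison, so it should be declared `u_int elementlen;` alongside the other locals so the dropped cast is not needed. The fetch line also deserves a why-comment, since the bug it fixes is subtle: `/* Read the length byte once: offset is advanced below, so re-reading *(p + offset + 1) afterwards would pick up the next element's byte and underflow length. */`. Note that with the old code an underflowed `length` would have let the loop keep iterating past the frame body; bounds on actual reads presumably still come from the `TTEST2` checks, so the practical effect appears to be mis-parsing rather than an out-of-bounds read, but that is inferred from the visible lines only. parse_elements' body, including the loop and the per-element handling this belongs to, continues outside the hunk.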