]> The Tcpdump Group git mirrors - tcpdump/commitdiff
projects / tcpdump / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 24982f6)
802.11: fetch the CF and TIM IEs a field at a time.
authorGuy Harris <[email protected]>
Mon, 19 Jul 2021 01:45:23 +0000 (18:45 -0700)
committerGuy Harris <[email protected]>
Sun, 17 Jul 2022 01:50:15 +0000 (18:50 -0700)
That should squelch Coverity CIDs 1487524 and 1487523; it also means
that we convert the 2-byte fields from little-endian byte order to host
order, and also avoids issues with padding in the structures we use.

(cherry picked from commit 0ff8efa84a862c47025e17c2fe52d9c91c6152a4)

print-802_11.c patch | blob | history

diff --git a/print-802_11.c b/print-802_11.c
index e901752a3774b9d5cd1d19b0ce1720cbb8459a59..86594d48cda7a34c8bac460d43efec00dae42773 100644 (file)
--- a/print-802_11.c
+++ b/print-802_11.c
@@ -1284,9 +1284,18 @@ parse_elements(netdissect_options *ndo,
                                length -= cf.length;
                                break;
                        }
-                       memcpy(&cf.count, p + offset, 6);
-                       offset += 6;
-                       length -= 6;
+                       cf.count = GET_U_1(p + offset);
+                       offset += 1;
+                       length -= 1;
+                       cf.period = GET_U_1(p + offset);
+                       offset += 1;
+                       length -= 1;
+                       cf.max_duration = GET_LE_U_2(p + offset);
+                       offset += 2;
+                       length -= 2;
+                       cf.dur_remaining = GET_LE_U_2(p + offset);
+                       offset += 2;
+                       length -= 2;
                        /*
                         * Present and not truncated.
                         *
@@ -1310,10 +1319,15 @@ parse_elements(netdissect_options *ndo,
                        }
                        if (tim.length - 3U > sizeof(tim.bitmap))
                                return 0;
-                       memcpy(&tim.count, p + offset, 3);
-                       offset += 3;
-                       length -= 3;
-
+                       tim.count = GET_U_1(p + offset);
+                       offset += 1;
+                       length -= 1;
+                       tim.period = GET_U_1(p + offset);
+                       offset += 1;
+                       length -= 1;
+                       tim.bitmap_control = GET_U_1(p + offset);
+                       offset += 1;
+                       length -= 1;
                        memcpy(tim.bitmap, p + offset, tim.length - 3);
                        offset += tim.length - 3;
                        length -= tim.length - 3;
[mirror] the TCPdump network dissector