From: Guy Harris Date: Wed, 8 Aug 2018 20:41:44 +0000 (-0700) Subject: Explicitly check to make sure the header length isn't too short. X-Git-Tag: tcpdump-4.99-bp~1064 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/cf99f0bc838a5f82391a72c1e074781cfacd4cef Explicitly check to make sure the header length isn't too short. --- diff --git a/print-802_11.c b/print-802_11.c index 227e1bf3..8a4b3bdb 100644 --- a/print-802_11.c +++ b/print-802_11.c @@ -3089,6 +3089,15 @@ ieee802_11_radio_print(netdissect_options *ndo, hdr = (const struct ieee80211_radiotap_header *)p; len = EXTRACT_LE_U_2(hdr->it_len); + if (len < sizeof(*hdr)) { + /* + * The length is the length of the entire header, so + * it must be as large as the fixed-length part of + * the header. + */ + nd_print_trunc(ndo); + return caplen; + } /* * If we don't have the entire radiotap header, just give up.
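Review bot: In the new `if (len < sizeof(*hdr))` branch, an `it_len` smaller than the fixed radiotap header is reported through `nd_print_trunc(ndo)`, so a malformed length field looks the same in the output as a capture that was cut short by the snapshot length. The added comment itself describes a header-validity rule ("it must be as large as the fixed-length part of the header"), not truncation, so consider printing a distinct indication that includes the offending `len` value, which lets someone triaging a crafted or corrupt capture tell the two cases apart. The comment would also read more precisely as "at least as large as". It is worth confirming, in the code above this hunk, that the captured length is already known to cover `sizeof(*hdr)` before `EXTRACT_LE_U_2(hdr->it_len)` runs, since the only captured-length check visible here ("If we don't have the entire radiotap header, just give up.") comes after the read.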