From 5b665ba92ff69d8b51bbd634187dd3d6fdb48fe4 Mon Sep 17 00:00:00 2001
From: Guy Harris
Date: Tue, 5 Apr 2011 09:53:57 -0700
Subject: [PATCH] Fix the handling of unknown tagged parameters in management frames. Fetch the element length early in the process, rather than fetching it each time we need it - even after we've advanced the pointer we are using to fetch it (doing the latter means we fetch the wrong value when we subtract it from the remaining length).
---
 print-802_11.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/print-802_11.c b/print-802_11.c
index 385e6cb6..64c9f24d 100644
--- a/print-802_11.c
+++ b/print-802_11.c
@@ -269,6 +269,7 @@ static int
 parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset,
 u_int length)
 {
+ u_int elementlen;
 struct ssid_t ssid;
 struct challenge_t challenge;
 struct rates_t rates;
@@ -487,12 +488,13 @@ parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset,
 return 0;
 if (length < 2)
 return 0;
- if (!TTEST2(*(p + offset + 2), *(p + offset + 1)))
+ elementlen = *(p + offset + 1);
+ if (!TTEST2(*(p + offset + 2), elementlen))
 return 0;
- if (length < (u_int)(*(p + offset + 1) + 2))
+ if (length < elementlen + 2)
 return 0;
- offset += *(p + offset + 1) + 2;
- length -= *(p + offset + 1) + 2;
+ offset += elementlen + 2;
+ length -= elementlen + 2;
 break;
 }
 }
-- 2.39.5
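Review bot: The second hunk has no comment recording why the length byte is read into `elementlen` before `offset` is advanced, and that ordering is the safety property of this branch: a read of `*(p + offset + 1)` after the advance lands on the next element's length byte, which no `TTEST2` has covered, and leaves `length` out of step with `offset`. I would add above the assignment `/* Fetch the length once, before offset moves; both bounds checks and both updates must use this same value. */`. `elementlen + 2` is also written out three times; a single local such as `u_int total = elementlen + 2;` would keep the check and the two updates from drifting apart. The hunk shows only this branch of parse_elements, whose body starts and ends outside it, so the other element cases should be checked for the same re-read pattern.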