forked from osmocom/wireshark
Add a bounds check.
AirPDcapStoreSa() was assuming that ctx->first_free_index would always be within the ctx->sa array; nothing guarantees that. Fail if it's past the end of the array; that means there *are* no free indices. Change-Id: I73145ea3f3dda1b3800a41fa3a2b01ac344dcbfc Reviewed-on: https://code.wireshark.org/review/9634 Reviewed-by: Guy Harris <guy@alum.mit.edu>
This commit is contained in:
parent
9230834fbe
commit
4f1b8d7433
|
@ -1555,6 +1555,10 @@ AirPDcapStoreSa(
|
|||
{
|
||||
INT last_free;
|
||||
|
||||
if (ctx->first_free_index>=AIRPDCAP_MAX_SEC_ASSOCIATIONS_NR) {
|
||||
/* there is no empty space available. FAILURE */
|
||||
return -1;
|
||||
}
|
||||
if (ctx->sa[ctx->first_free_index].used) {
|
||||
/* last addition was in the middle of the array (and the first_free_index was just incremented by 1) */
|
||||
/* search for a free space from the first_free_index to AIRPDCAP_STA_INFOS_NR (to avoid free blocks in */
|
||||
|
|
Loading…
Reference in New Issue