We should be reporting expert infos on invalid radiotap headers.

Note the places where we should be doing so.

Also, note that two of the tests in ieee80211_radiotap_iterator_init()
are redundant in Wireshark, and that it's irrelevant what versions of
radiotap Linux supports - this is Wireshark code, not Linux code.  (If
there's anything to note, it's that there *is* no radiotap version other
than 0, so there's nothing *to* support.)

Change-Id: Ieabef703638b30649a097269d684f60e79db8ba5
Reviewed-on: https://code.wireshark.org/review/29031
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Guy Harris 2018-08-08 14:24:01 -07:00
parent 739eebd3d2
commit c7764e235c


@ -115,14 +115,17 @@ int ieee80211_radiotap_iterator_init(
struct ieee80211_radiotap_header *radiotap_header,
int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns)
{
/* XXX - in Wireshark, we've already checked for this */
if (max_length < (int)sizeof(struct ieee80211_radiotap_header))
return -EINVAL;
/* Linux only supports version 0 radiotap format */
/* XXX - this is Wireshark, not Linux, and we should report an expert info */
if (radiotap_header->it_version)
return -EINVAL;
/* sanity check for allowed length and radiotap length field */
/* XXX - in Wireshark, this compares the length against itself. */
if (max_length < get_unaligned_le16(&radiotap_header->it_len))
return -EINVAL;
@ -145,6 +148,7 @@ int ieee80211_radiotap_iterator_init(
/* find payload start allowing for extended bitmap(s) */
if (iterator->_bitmap_shifter & (1U << IEEE80211_RADIOTAP_EXT)) {
/* XXX - we should report an expert info here */
if (!ITERATOR_VALID(iterator, sizeof(guint32)))
return -EINVAL;
while (get_unaligned_le32(iterator->_arg) &
@ -156,7 +160,7 @@ int ieee80211_radiotap_iterator_init(
* keep claiming to extend up to or even beyond the
* stated radiotap header length
*/
/* XXX - we should report an expert info here */
if (!ITERATOR_VALID(iterator, sizeof(guint32)))
return -EINVAL;
}
@ -289,12 +293,14 @@ int ieee80211_radiotap_iterator_next(
}
if (!align) {
/* skip all subsequent data */
/* XXX - we should report an expert info here */
if (!iterator->_next_ns_data)
return -EINVAL;
iterator->_arg = iterator->_next_ns_data;
/* give up on this namespace */
iterator->current_namespace = NULL;
iterator->_next_ns_data = NULL;
/* XXX - we should report an expert info here */
if (!ITERATOR_VALID(iterator, 0))
return -EINVAL;
goto next_entry;
@ -322,6 +328,7 @@ int ieee80211_radiotap_iterator_next(
if (iterator->_arg_index % 32 == IEEE80211_RADIOTAP_VENDOR_NAMESPACE) {
int vnslen;
/* XXX - we should report an expert info here */
if (!ITERATOR_VALID(iterator, size))
return -EINVAL;
@ -355,7 +362,7 @@ int ieee80211_radiotap_iterator_next(
* radiotap section. We will normally end up equalling this
* max_length on the last arg, never exceeding it.
*/
/* XXX - we should report an expert info here */
if (!ITERATOR_VALID(iterator, 0))
return -EINVAL;
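Review bot: The two tests in ieee80211_radiotap_iterator_init() that the new comments mark as redundant ("we've already checked for this" and "this compares the length against itself") are still the only bounds the function itself enforces before it reads through `iterator->_arg`, so the comments should name the caller-side check they rely on rather than read as if the tests were dead code. If, as the second comment implies, the caller passes the header's own `it_len` as `max_length`, every later `ITERATOR_VALID` test is bounded only by a value taken from the packet, and memory safety then depends on the caller having confirmed that many bytes are actually present; I would state that, e.g. `/* XXX - in Wireshark max_length is it_len itself; the caller must already have verified that it_len bytes are available */`. Separately, every path marked "we should report an expert info" returns the same `-EINVAL`, and the visible parameters of ieee80211_radiotap_iterator_init() include no packet or tree argument, so the TODOs would be more actionable if they noted that the caller needs a way to tell these failures apart. Both function bodies continue outside the hunks shown.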