wifi: fix recvbeacon()

we used to read beyond the boundaries of the beacon because
the end pointer was offset by the beacon header. this is
also what caused the double entries.
cinap_lenrek 2015-01-30 13:41:23 +01:00
parent 18b931dde7
commit d21af17367


@ -372,10 +372,10 @@ static void
recvbeacon(Wifi *wifi, Wnode *wn, uchar *d, int len)
{
static uchar wpa1oui[4] = { 0x00, 0x50, 0xf2, 0x01 };
uchar *e, *x, *p;
uchar t, m[256/8];
uchar *e, *x, *p, t;
if(len < 8+2+2)
len -= 8+2+2;
if(len < 0)
return;
d += 8; /* timestamp */
@ -384,19 +384,12 @@ recvbeacon(Wifi *wifi, Wnode *wn, uchar *d, int len)
wn->cap = d[0] | d[1]<<8;
d += 2;
memset(m, 0, sizeof(m));
for(e = d + len; d+2 <= e; d = x){
d += 2;
x = d + d[-1];
if(x > e)
if(x > e)
break; /* truncated */
t = d[-2];
/* skip double entries */
if(m[t/8] & 1<<(t%8))
continue;
m[t/8] |= 1<<(t%8);
switch(t){
case 0: /* SSID */
len = 0;