Diffstat (limited to 'freebsd/contrib/tcpdump/print-802_11.c')
-rw-r--r--freebsd/contrib/tcpdump/print-802_11.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/freebsd/contrib/tcpdump/print-802_11.c b/freebsd/contrib/tcpdump/print-802_11.c
index ff2ac02a..de3eb31c 100644
--- a/freebsd/contrib/tcpdump/print-802_11.c
+++ b/freebsd/contrib/tcpdump/print-802_11.c
@@ -2064,6 +2064,10 @@ ieee802_11_print(netdissect_options *ndo,
hdrlen = roundup2(hdrlen, 4);
if (ndo->ndo_Hflag && FC_TYPE(fc) == T_DATA &&
DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) {
+ if (caplen < hdrlen + 1) {
+ ND_PRINT((ndo, "%s", tstr));
+ return hdrlen;
+ }
meshdrlen = extract_mesh_header_length(p+hdrlen);
hdrlen += meshdrlen;
} else
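Review bot: The `+ 1` in `if (caplen < hdrlen + 1)` is unexplained, and the guard only establishes that one byte at `p+hdrlen` was captured. That is presumably the single byte extract_mesh_header_length() reads, but the helper is outside the hunk, so a comment such as `/* need the mesh flags byte at p[hdrlen] to compute the mesh header length */` would let the next reader check the bound. After `hdrlen += meshdrlen;` the enlarged header length needs its own comparison against caplen before any mesh header field is read. That code lies past the end of this hunk in ieee802_11_print, so confirm it exists.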
@@ -3077,7 +3081,7 @@ print_in_radiotap_namespace(netdissect_options *ndo,
return 0;
}
-static u_int
+u_int
ieee802_11_radio_print(netdissect_options *ndo,
const u_char *p, u_int length, u_int caplen)
{
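Review bot: Dropping `static` gives ieee802_11_radio_print external linkage, but the diffstat is limited to this file, so no prototype for it is visible. A declaration such as `extern u_int ieee802_11_radio_print(netdissect_options *, const u_char *, u_int, u_int);` should sit in the shared header that the new caller includes, so that a signature mismatch is caught at compile time rather than at run time. The function body continues outside the hunk.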
@@ -3107,6 +3111,15 @@ ieee802_11_radio_print(netdissect_options *ndo,
hdr = (const struct ieee80211_radiotap_header *)p;
len = EXTRACT_LE_16BITS(&hdr->it_len);
+ if (len < sizeof(*hdr)) {
+ /*
+ * The length is the length of the entire header, so
+ * it must be as large as the fixed-length part of
+ * the header.
+ */
+ ND_PRINT((ndo, "%s", tstr));
+ return caplen;
+ }
/*
* If we don't have the entire radiotap header, just give up.
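Review bot: The new `len < sizeof(*hdr)` branch reports a malformed `it_len` with `tstr`, the same marker the first hunk prints for a short capture. An analyst reading the output therefore cannot tell whether the frame was cut by the snapshot length or carries an invalid radiotap length. A distinct marker, for example `ND_PRINT((ndo, "[invalid radiotap length %u]", len));` (assuming len is a u_int; its declaration is outside the hunk), would keep malformed input distinguishable from truncation. Separately, `EXTRACT_LE_16BITS(&hdr->it_len)` on the line above already reads from the header, so a `caplen < sizeof(*hdr)` check has to precede it. That part of ieee802_11_radio_print is above the hunk and should be confirmed.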