Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Simplify VHT Operation element parsing

Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
d6fefd64d2
commit
f4b64c603e
2 changed files with 2 additions and 2 deletions
Split View Show Diff Stats
  1. 2 1
      src/common/ieee802_11_common.c
  2. 0 1
      src/common/ieee802_11_common.h

+ 2 - 1
src/common/ieee802_11_common.c
View File 

@@ -292,8 +292,9 @@ ParseRes ieee802_11_parse_elems(const u8 *start, size_t len,
 
 			elems->vht_capabilities = pos;
 
 			break;
 
 		case WLAN_EID_VHT_OPERATION:
 
+			if (elen < sizeof(struct ieee80211_vht_operation))
 
+				break;
 
 			elems->vht_operation = pos;
 
-			elems->vht_operation_len = elen;
 
 			break;
 
 		case WLAN_EID_VHT_OPERATING_MODE_NOTIFICATION:
 
 			if (elen != 1)

+ 0 - 1
src/common/ieee802_11_common.h
View File 

@@ -64,7 +64,6 @@ struct ieee802_11_elems {
 
 	u8 mesh_config_len;
 
 	u8 mesh_id_len;
 
 	u8 peer_mgmt_len;
 
-	u8 vht_operation_len;
 
 	u8 vendor_ht_cap_len;
 
 	u8 vendor_vht_len;
 
 	u8 p2p_len;