aboutsummaryrefslogtreecommitdiffstats
path: root/print-802_11.c
diff options
context:
space:
mode:
Diffstat (limited to 'print-802_11.c')
-rw-r--r--print-802_11.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/print-802_11.c b/print-802_11.c
index d8bf039de1ab..50a3e9f596c2 100644
--- a/print-802_11.c
+++ b/print-802_11.c
@@ -2058,6 +2058,10 @@ ieee802_11_print(netdissect_options *ndo,
hdrlen = roundup2(hdrlen, 4);
if (ndo->ndo_Hflag && FC_TYPE(fc) == T_DATA &&
DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) {
+ if (caplen < hdrlen + 1) {
+ ND_PRINT((ndo, "%s", tstr));
+ return hdrlen;
+ }
meshdrlen = extract_mesh_header_length(p+hdrlen);
hdrlen += meshdrlen;
} else
@@ -3071,7 +3075,7 @@ print_in_radiotap_namespace(netdissect_options *ndo,
return 0;
}
-static u_int
+u_int
ieee802_11_radio_print(netdissect_options *ndo,
const u_char *p, u_int length, u_int caplen)
{
@@ -3101,6 +3105,15 @@ ieee802_11_radio_print(netdissect_options *ndo,
hdr = (const struct ieee80211_radiotap_header *)p;
len = EXTRACT_LE_16BITS(&hdr->it_len);
+ if (len < sizeof(*hdr)) {
+ /*
+ * The length is the length of the entire header, so
+ * it must be as large as the fixed-length part of
+ * the header.
+ */
+ ND_PRINT((ndo, "%s", tstr));
+ return caplen;
+ }
/*
* If we don't have the entire radiotap header, just give up.