- Improve iwinfo center channel struct position
- Prevent read beyond buffer on malformed data

Signed-off-by: Ansuel Smith <ansuels...@gmail.com>
---
 include/iwinfo.h |  4 ++--
 iwinfo_nl80211.c | 22 +++++++++++++---------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/include/iwinfo.h b/include/iwinfo.h
index 5799c02..40ef3a7 100644
--- a/include/iwinfo.h
+++ b/include/iwinfo.h
@@ -255,6 +255,8 @@ struct iwinfo_ops {
        int (*probe)(const char *ifname);
        int (*mode)(const char *, int *);
        int (*channel)(const char *, int *);
+       int (*center_chan1)(const char *, int *);
+       int (*center_chan2)(const char *, int *);
        int (*frequency)(const char *, int *);
        int (*frequency_offset)(const char *, int *);
        int (*txpower)(const char *, int *);
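Review bot: Inserting `center_chan1` and `center_chan2` ahead of `frequency` shifts the offset of every later member of `struct iwinfo_ops`, which is declared in what appears to be the library's public header, `include/iwinfo.h`. Any consumer or out-of-tree backend built against the previous layout would then call through the wrong slot (for example reaching `center_chan1` where it expects `frequency`). The reorder should therefore ship with an ABI/soname version bump and a rebuild of dependents, which this patch does not include. If the position matters only for readability, keeping the two members at the end leaves the layout append-only. The struct definition starts and ends outside this hunk.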
@@ -283,8 +285,6 @@ struct iwinfo_ops {
        int (*survey)(const char *, char *, int *);
        int (*lookup_phy)(const char *, char *);
        void (*close)(void);
-       int (*center_chan1)(const char *, int *);
-       int (*center_chan2)(const char *, int *);
 };
 
 const char * iwinfo_type(const char *ifname);
diff --git a/iwinfo_nl80211.c b/iwinfo_nl80211.c
index 5ca5c03..ba5bddb 100644
--- a/iwinfo_nl80211.c
+++ b/iwinfo_nl80211.c
@@ -2380,14 +2380,18 @@ static void nl80211_get_scanlist_ie(struct nlattr **bss,
                                                 IWINFO_CIPHER_TKIP, 
IWINFO_KMGMT_PSK);
                        break;
                case 61: /* HT oeration */
-                       e->ht_chan_info.primary_chan = ie[2];
-                       e->ht_chan_info.secondary_chan_off = ie[3] & 0x3;
-                       e->ht_chan_info.chan_width = (ie[4] & 0x4)>>2;
+                       if (ie[1] >= 3) {
+                               e->ht_chan_info.primary_chan = ie[2];
+                               e->ht_chan_info.secondary_chan_off = ie[3] & 
0x3;
+                               e->ht_chan_info.chan_width = (ie[4] & 0x4)>>2;
+                       }
                        break;
                case 192: /* VHT operation */
-                       e->vht_chan_info.chan_width = ie[2];
-                       e->vht_chan_info.center_chan_1 = ie[3];
-                       e->vht_chan_info.center_chan_2 = ie[4];
+                       if (ie[1] >= 3) {
+                               e->vht_chan_info.chan_width = ie[2];
+                               e->vht_chan_info.center_chan_1 = ie[3];
+                               e->vht_chan_info.center_chan_2 = ie[4];
+                       }
                        break;
                }
 
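Review bot: The new `ie[1] >= 3` guards in `case 61` and `case 192` compare only against the element's self-declared length, so they keep the reads of `ie[2]`..`ie[4]` inside the element but not necessarily inside the buffer. That holds only if the enclosing loop has already verified that `ie[1] + 2` bytes remain; the loop is outside this hunk and should be confirmed. The bare `3` is also easy to misread, so a comment such as `/* reads ie[2]..ie[4]: need at least 3 payload bytes */` on each guard would tie the constant to the indexes it protects. When a guard fails, `e->ht_chan_info` and `e->vht_chan_info` keep whatever they held before, so the entry presumably has to be zero-initialised by the caller for a truncated element to read as absent.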
@@ -3317,6 +3321,8 @@ const struct iwinfo_ops nl80211_ops = {
        .name             = "nl80211",
        .probe            = nl80211_probe,
        .channel          = nl80211_get_channel,
+       .center_chan1     = nl80211_get_center_chan1,
+       .center_chan2     = nl80211_get_center_chan2,
        .frequency        = nl80211_get_frequency,
        .frequency_offset = nl80211_get_frequency_offset,
        .txpower          = nl80211_get_txpower,
@@ -3345,7 +3351,5 @@ const struct iwinfo_ops nl80211_ops = {
        .countrylist      = nl80211_get_countrylist,
        .survey           = nl80211_get_survey,
        .lookup_phy       = nl80211_lookup_phyname,
-       .close            = nl80211_close,
-       .center_chan1     = nl80211_get_center_chan1,
-       .center_chan2     = nl80211_get_center_chan2
+       .close            = nl80211_close
 };
-- 
2.29.2

