author | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-01-30 13:41:23 +0100 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-01-30 13:41:23 +0100 |
commit | d21af173677127813b63a61a97131de821a680d6 (patch) | |
tree | 1d6c8e98752b29589a750e4d5ddefff151254925 /sys/src/9/pc/wifi.c | |
parent | 18b931dde7d9259968a91a1baee96db92a79d34d (diff) |
wifi: fix recvbeacon()
we used to read beyond the boundaries of the beacon because
the end pointer was offset by the beacon header. this is
also what caused the double entries.
Diffstat (limited to 'sys/src/9/pc/wifi.c')
-rw-r--r-- | sys/src/9/pc/wifi.c | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/sys/src/9/pc/wifi.c b/sys/src/9/pc/wifi.c
index 19c5b3676..743f0cac8 100644
--- a/sys/src/9/pc/wifi.c
+++ b/sys/src/9/pc/wifi.c
@@ -372,10 +372,10 @@ static void
 recvbeacon(Wifi *wifi, Wnode *wn, uchar *d, int len)
 {
 static uchar wpa1oui[4] = { 0x00, 0x50, 0xf2, 0x01 };
- uchar *e, *x, *p;
- uchar t, m[256/8];
+ uchar *e, *x, *p, t;
- if(len < 8+2+2)
+ len -= 8+2+2;
+ if(len < 0)
 return;
 d += 8; /* timestamp */
@@ -384,19 +384,12 @@ recvbeacon(Wifi *wifi, Wnode *wn, uchar *d, int len)
 wn->cap = d[0] | d[1]<<8;
 d += 2;
- memset(m, 0, sizeof(m));
 for(e = d + len; d+2 <= e; d = x){
 d += 2;
 x = d + d[-1];
- if(x > e)
+ if(x > e)
 break; /* truncated */
 t = d[-2];
-
- /* skip double entries */
- if(m[t/8] & 1<<(t%8))
- continue;
- m[t/8] |= 1<<(t%8);
-
 switch(t){
 case 0: /* SSID */
 len = 0; |
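Review bot: The parse bound in recvbeacon() still depends on `len` being reduced by exactly the number of bytes that the later `d += 8` / `d += 2` steps skip, which is the same coupling that produced the over-read this commit fixes. Fixing the end pointer once on entry, before `d` is advanced, removes that dependency: `e = d + len;` then `if(e - d < 8+2+2) return;`, with the loop starting as `for(; d+2 <= e; d = x){`. Beacon frames are unauthenticated input from any station in range, so the bound is worth keeping independent of the header bookkeeping. The loop line sits in the second hunk and the function body continues past the end of the diff.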
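Review bot: With the `m[]` bitmap removed, an element id that occurs more than once in a beacon now reaches `switch(t)` on every occurrence, and nothing in the visible lines states which occurrence is meant to win. That looks intended, since vendor-specific elements legitimately repeat, but the frame content is chosen by the sender, so the policy should be written down, e.g. `/* element ids may repeat; every occurrence is processed */` above `t = d[-2];`. The case bodies lie outside the hunk, so whether a later SSID element overwrites an earlier one cannot be confirmed from here. `len` is also reused as scratch in `case 0` after serving as the element-area length, which deserves a short comment next to `len -= 8+2+2;`.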