From e70a241f341405e35c58e062a80f5b3b6e46f707 Mon Sep 17 00:00:00 2001
From: James Prestwood
Date: Thu, 29 Dec 2022 16:24:25 -0800
Subject: [PATCH] monitor: fix buffer overrun parsing country IE

The country IE can sometimes have a zero pad byte at the end for alignment. This was not being checked for which caused the loop to go past the end of the IE and print an entry for channel 0 (the pad byte) plus some garbage data. Fix this by checking for the pad byte explicitly which skips the print and terminates the loop.
---
 monitor/nlmon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/monitor/nlmon.c b/monitor/nlmon.c
index 9694cfd1..652dea96 100644
--- a/monitor/nlmon.c
+++ b/monitor/nlmon.c
@@ -494,7 +494,7 @@ static void print_ie_country(unsigned int level, const char *label,
 if (code[i + 2] < 32)
 print_attr(level + 1, "%27c (air propagation "
 "time %2d µs)", ' ', 3 * code[i + 2]);
- } else {
+ } else if (code[i] != 0) {
 print_attr(level + 1, "First channel %3d number of "
 "channels %2d max tx power %2d dBm",
 code[i], code[i + 1], code[i + 2]);
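Review bot: The new `else if (code[i] != 0)` guard decides by the byte's value rather than by how much of the IE is left, so a trailing fragment whose first byte is non-zero would still reach the `code[i + 1]` and `code[i + 2]` reads in this branch, and the `code[i + 2]` reads in the branch above it appear to have the same exposure. Country IE contents typically originate from received frames, so the parser should not depend on the pad byte being zero. The loop header is outside this hunk, so this is inferred from the visible reads: a length check at the top of the loop body, such as `if (remaining < 3) break;` with `remaining` standing for the IE length minus `i` (the length variable is not visible here), would cover both the pad byte and a truncated triplet. The hunk itself only skips the print; whether the loop then terminates, as the description says, depends on the increment and condition outside the hunk.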