3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-25 09:39:25 +01:00

monitor: fix buffer overrun parsing country IE

The country IE can sometimes have a zero pad byte at the end for
alignment. This was not being checked for which caused the loop
to go past the end of the IE and print an entry for channel 0
(the pad byte) plus some garbage data.

Fix this by checking for the pad byte explicitly which skips the
print and terminates the loop.
This commit is contained in:
James Prestwood 2022-12-29 16:24:25 -08:00 committed by Denis Kenzior
parent 1c1ad68a63
commit e70a241f34

View File

@ -494,7 +494,7 @@ static void print_ie_country(unsigned int level, const char *label,
if (code[i + 2] < 32)
print_attr(level + 1, "%27c (air propagation "
"time %2d µs)", ' ', 3 * code[i + 2]);
} else {
} else if (code[i] != 0) {
print_attr(level + 1, "First channel %3d number of "
"channels %2d max tx power %2d dBm",
code[i], code[i + 1], code[i + 2]);