2020-02-09 16:59:42

by Markus Theil

[permalink] [raw]
Subject: [PATCH 4/8] iw: scan: fix buffer over-read in parsing roaming consortium

ANQP and OI length are always present, increase min. length by 2.

Signed-off-by: Markus Theil <[email protected]>
---
scan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scan.c b/scan.c
index 2d11f81..9a02363 100644
--- a/scan.c
+++ b/scan.c
@@ -1707,7 +1707,7 @@ static const struct ie_print ieprinters[] = {
[127] = { "Extended capabilities", print_capabilities, 0, 255, BIT(PRINT_SCAN), },
[107] = { "802.11u Interworking", print_interworking, 0, 255, BIT(PRINT_SCAN), },
[108] = { "802.11u Advertisement", print_11u_advert, 0, 255, BIT(PRINT_SCAN), },
- [111] = { "802.11u Roaming Consortium", print_11u_rcon, 0, 255, BIT(PRINT_SCAN), },
+ [111] = { "802.11u Roaming Consortium", print_11u_rcon, 2, 255, BIT(PRINT_SCAN), },
[195] = { "Transmit Power Envelope", print_tx_power_envelope, 2, 5, BIT(PRINT_SCAN), },
};

--
2.25.0