Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp3655280ybv; Mon, 10 Feb 2020 04:07:28 -0800 (PST) X-Google-Smtp-Source: APXvYqxKktO862EbxsQXo7EaqfV9G+t8xRv7klXTt8gpg5dGi1WjzIHyYarEkr9abVya6YfILbmt X-Received: by 2002:a54:4f14:: with SMTP id e20mr603122oiy.84.1581336447995; Mon, 10 Feb 2020 04:07:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581336447; cv=none; d=google.com; s=arc-20160816; b=ecNScOwHGnVlk/IM2Lgfvjtvk9qoDm7cqCnIG94mG/In0UwmZj+ymly14f8aT4BblH 4HPDmwNuKIOIAHHT1ZwCdTeN7Ka2Nc208Ls/8ffosUCLxry6KmdPTRKYQMMhSCOHAMHZ YzJP0CetgHYNvsROnfE86r4/zlSb2ZM9wicOloO/+By5BagbAIVC4YGIhSx/SfHb8oME RNF0fi6q72R4Ux/lyD6RQBvaHOVeTPPhZTsj/0COJoPIiG070v6msS6o+PrWoyq9OStn zNl76m+8WigZwyeteupn2ChET96b9xiC395fqPSyBytZBDAnB1ExZd1Y9tj7MFeJhr68 HHvw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=ANrs5u6eRtL/fOhCjqOXRuxKfwCq56etOtZLHYuOwdc=; b=Y/TSbOt4U75poNtIdoZvAEXawD5L7Wi23/7gdWo1lvq6pX0tZ+ZcgqcG+N1E5V1Hom OrFnmOzRpktC3aVoPpc6gbSp0YT6IALX/D8oiDRv5nTONRvDY+cp/ZAwXo6LLF7xEpeS v4U01EYKUk1mlJ7m4v/HjuZay41rjcMMuFJ/J36b57K6WPKvSMCPWSfoodr9f3xsNzmr NUjFV1kUJRX5m537sslg+mS0MQkwe623X2Wh/D2V3JUd8LzfqB0RGtxWpCgIERncsnoG nuauMRyi2Ih744/rLXimPIfqb/a6quMTgiGTEKqj0pD+d/tiLQo8EHN7xVE2GGp0kJyv Q5xg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x23si92852oie.50.2020.02.10.04.07.05; Mon, 10 Feb 2020 04:07:27 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-wireless-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727121AbgBJMGl (ORCPT + 99 others); Mon, 10 Feb 2020 07:06:41 -0500 Received: from smail.rz.tu-ilmenau.de ([141.24.186.67]:52864 "EHLO smail.rz.tu-ilmenau.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727061AbgBJMGl (ORCPT ); Mon, 10 Feb 2020 07:06:41 -0500 Received: from localhost.localdomain (unknown [109.41.129.64]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smail.rz.tu-ilmenau.de (Postfix) with ESMTPSA id 3CEBD580074; Mon, 10 Feb 2020 13:06:39 +0100 (CET) From: Markus Theil To: johannes@sipsolutions.net Cc: linux-wireless@vger.kernel.org, Markus Theil Subject: [PATCH] iw: scan: more length checks for print_wifi_wps() Date: Mon, 10 Feb 2020 13:06:35 +0100 Message-Id: <20200210120635.498188-1-markus.theil@tu-ilmenau.de> X-Mailer: git-send-email 2.25.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Signed-off-by: Markus Theil --- scan.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scan.c b/scan.c index dbfe44c..2dedd64 100644 --- a/scan.c +++ b/scan.c @@ -1878,6 +1878,11 @@ static void print_wifi_wps(const uint8_t type, uint8_t len, const uint8_t *data, break; } case 0x103c: { + if (sublen < 1) { + printf("\t * RF Bands: (invalid " + "length %d)\n", sublen); + break; + } __u8 val = data[4]; tab_on_first(&first); printf("\t * RF Bands: 0x%x\n", val); @@ -1941,6 +1946,11 @@ static void print_wifi_wps(const uint8_t type, uint8_t len, const uint8_t *data, break; } case 0x1057: { + if (sublen < 1) { + printf("\t * AP setup locked: (invalid " + "length %d)\n", sublen); + break; + } __u8 val = data[4]; tab_on_first(&first); printf("\t * AP setup locked: 0x%.2x\n", val); -- 2.25.0