author | Michael Mann <mmann78@netscape.net> | 2019-08-31 21:15:08 -0400 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2019-09-01 01:50:13 +0000 |
commit | fc1c7155c418ad6381fbf1eab38e7ae09ccace1f (patch) | |
tree | 523d77757129b259e50d0d53b50bb79931864a6f | |
parent | 86e7a0273ae3a95360f84de0283cea053e5fbe2d (diff) |
IEEE 802.11: RSN Information tag, more fields optional.
IEEE 802.11-2016 Section 9.4.2.25 RSNE
All information after Element ID, Length, and Version are optional; therefore the minimal IE length is 2.
Bug: 15905
Change-Id: I231e31c6a0fe5a26d5dd7c1c36be4e9816a7bb50
Reviewed-on: https://code.wireshark.org/review/34411
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
-rw-r--r-- | epan/dissectors/packet-ieee80211.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/epan/dissectors/packet-ieee80211.c b/epan/dissectors/packet-ieee80211.c
index b26e4b266c..ecf1975bb1 100644
--- a/epan/dissectors/packet-ieee80211.c
+++ b/epan/dissectors/packet-ieee80211.c
@@ -14691,6 +14691,9 @@ dissect_rsn_ie(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb,
 proto_tree_add_item(tree, hf_ieee80211_rsn_version, tvb, offset, 2, ENC_LITTLE_ENDIAN);
 offset += 2;
+ if (offset >= tag_end)
+ return offset;
+
 /* 7.3.2.25.1 Group Cipher suites */
 rsn_gcs_item = proto_tree_add_item(tree, hf_ieee80211_rsn_gcs, tvb, offset, 4, ENC_BIG_ENDIAN);
 rsn_gcs_tree = proto_item_add_subtree(rsn_gcs_item, ett_rsn_gcs_tree);
@@ -14705,6 +14708,9 @@ dissect_rsn_ie(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb,
 }
 offset += 4;
+ if (offset >= tag_end)
+ return offset;
+
 /* 7.3.2.25.2 Pairwise Cipher suites */
 rsn_pcs_count = proto_tree_add_item(tree, hf_ieee80211_rsn_pcs_count, tvb, offset, 2, ENC_LITTLE_ENDIAN);
 pcs_count = tvb_get_letohs(tvb, offset);
@@ -19978,9 +19984,9 @@ ieee80211_tag_rsn_ie(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void*
 int tag_len = tvb_reported_length(tvb);
 ieee80211_tagged_field_data_t* field_data = (ieee80211_tagged_field_data_t*)data;
 int offset = 0;
- if (tag_len < 18)
+ if (tag_len < 2)
 {
- expert_add_info_format(pinfo, field_data->item_tag_length, &ei_ieee80211_tag_length, "Tag Length %u wrong, must be >= 18", tag_len);
+ expert_add_info_format(pinfo, field_data->item_tag_length, &ei_ieee80211_tag_length, "Tag Length %u wrong, must be >= 2", tag_len);
 return tvb_captured_length(tvb);
 } |
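Review bot: The added guard `if (offset >= tag_end)` in dissect_rsn_ie only stops parsing when the element ends exactly on a field boundary; with one to three bytes left after the version, the following `proto_tree_add_item(tree, hf_ieee80211_rsn_gcs, tvb, offset, 4, ENC_BIG_ENDIAN)` still requests a full four-byte suite. If the tvb is limited to the element, the tvb bounds check catches this, but where a caller passes a wider buffer with tag_end as the only limit (the callers are not visible here), the next element's bytes would presumably be decoded as a cipher suite. Comparing against the size of the next field closes that gap: `if (offset + 4 > tag_end) return offset;` here and `if (offset + 2 > tag_end) return offset;` before the pairwise count in the second hunk, which has the same pattern. An expert item on the leftover bytes would keep a truncated element visible to the analyst instead of silently ending the parse. The body of dissect_rsn_ie starts and ends outside both hunks, so whether the later optional fields are guarded cannot be seen from here.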
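Review bot: The new lower bound in `if (tag_len < 2)` is a bare constant whose meaning is explained only in the commit message, so it deserves a comment at the check, for example `/* IEEE 802.11-2016 9.4.2.25: only the 2-octet Version is mandatory; every later RSNE field is optional */`. With the gate lowered from 18, any length from 2 to 17 now passes this check and is handed to whatever follows in the function (not shown). The comment should therefore also state that per-field length validation is expected in the body parser rather than here. ieee80211_tag_rsn_ie continues past the end of the hunk.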