parse: Check frame minimum length when parsing Radiotap header

author: Marc <foxtrot@malloc.me> 2022-01-12 22:19:01 +0000
committer: Marc <foxtrot@malloc.me> 2022-01-12 22:19:01 +0000
commit: 2057ed8028b4a5c951ed5b6005c5088890c1e689 (patch)
tree: 5e5f8090c317af898161966a442b2473d2086a67 /src
parent: fe955af4811c73768f77ef9471550648df0b8ec8 (diff)
download: libwifi-2057ed8028b4a5c951ed5b6005c5088890c1e689.tar.gz
libwifi-2057ed8028b4a5c951ed5b6005c5088890c1e689.tar.bz2
libwifi-2057ed8028b4a5c951ed5b6005c5088890c1e689.zip
3 files changed, 14 insertions, 4 deletions
diff --git a/src/libwifi/core/frame/frame.c b/src/libwifi/core/frame/frame.c
index b4f50ad..78fe069 100644
--- a/src/libwifi/core/frame/frame.c
+++ b/src/libwifi/core/frame/frame.c

@@ -42,7 +42,7 @@ int libwifi_get_wifi_frame(struct libwifi_frame *fi, const unsigned char *frame,
    if (radiotap) {
        struct libwifi_radiotap_info rtap_info = {0};
-        libwifi_parse_radiotap_info(&rtap_info, frame_data);
+        libwifi_parse_radiotap_info(&rtap_info, frame_data, frame_len);
        // Skip forward by the length of the radiotap header
        frame_data_len -= rtap_info.length;
diff --git a/src/libwifi/parse/misc/radiotap.c b/src/libwifi/parse/misc/radiotap.c
index 176167e..80ddced 100644
--- a/src/libwifi/parse/misc/radiotap.c
+++ b/src/libwifi/parse/misc/radiotap.c

@@ -16,6 +16,7 @@
 #include "radiotap.h"
 #include "../../core/radiotap/radiotap_iter.h"
+#include <errno.h>
 #include <endian.h>
 #include <stdint.h>
@@ -23,9 +24,13 @@
 * The libwifi radiotap parser uses the usual ieee80211_radiotap_iterator to parse incoming
 * radiotap headers into a consumable libwifi_radiotap_info struct.
 */
-void libwifi_parse_radiotap_info(struct libwifi_radiotap_info *info, const unsigned char *frame) {
+int libwifi_parse_radiotap_info(struct libwifi_radiotap_info *info, const unsigned char *frame, size_t frame_len) {
    memset(info, 0, sizeof(struct libwifi_radiotap_info));
+    if (frame_len < sizeof(struct ieee80211_radiotap_header)) {
+        return -EINVAL;
+    }
    struct ieee80211_radiotap_header *rh = (struct ieee80211_radiotap_header *) frame;
    struct ieee80211_radiotap_iterator it = {0};
    int ret = ieee80211_radiotap_iterator_init(&it, (void *) frame, rh->it_len, NULL);
@@ -99,6 +104,8 @@ void libwifi_parse_radiotap_info(struct libwifi_radiotap_info *info, const unsig
        ret = ieee80211_radiotap_iterator_next(&it);
    }
+    return 0;
 }
 /**
diff --git a/src/libwifi/parse/misc/radiotap.h b/src/libwifi/parse/misc/radiotap.h
index 8f74e6a..d57a760 100644
--- a/src/libwifi/parse/misc/radiotap.h
+++ b/src/libwifi/parse/misc/radiotap.h

@@ -17,6 +17,7 @@
 #define LIBWIFI_PARSE_RADIOTAP_H
 #include "../../core/misc/radiotap.h"
+#include <stddef.h>
 #include <stdint.h>
 /**
@@ -25,8 +26,10 @@
 *
 * @param info A libwifi_radiotap_info
 * @param frame A raw 802.11 frame
- */
+ * @param frame_len Length of the given 802.11 frame
-void libwifi_parse_radiotap_info(struct libwifi_radiotap_info *info, const unsigned char *frame);
+ * @returns Negative errno on error, 0 on success
+*/
+int libwifi_parse_radiotap_info(struct libwifi_radiotap_info *info, const unsigned char *frame, size_t frame_len);
 /**
 * Retrieve the signal strength from a raw frame via radiotap header.
author	Marc <foxtrot@malloc.me>	2022-01-12 22:19:01 +0000
committer	Marc <foxtrot@malloc.me>	2022-01-12 22:19:01 +0000
commit	2057ed8028b4a5c951ed5b6005c5088890c1e689 (patch)
tree	5e5f8090c317af898161966a442b2473d2086a67 /src
parent	fe955af4811c73768f77ef9471550648df0b8ec8 (diff)
download	libwifi-2057ed8028b4a5c951ed5b6005c5088890c1e689.tar.gz libwifi-2057ed8028b4a5c951ed5b6005c5088890c1e689.tar.bz2 libwifi-2057ed8028b4a5c951ed5b6005c5088890c1e689.zip