authorMarc <marc@malloc.me>2023-04-15 12:34:00 +1000
committerGitHub <noreply@github.com>2023-04-15 12:34:00 +1000
commit7fca9d121d85426f848408bafc7259762ee88c96 (patch)
treeec9dc04c51c0d689e3dead0da8672d1930472788 /src
parente87c63db4a2ae4b2ddeefc00ed9ae4669333d016 (diff)
parent3d0afe480d5043ed0d502b4c8ae0eca8d51c4424 (diff)
downloadlibwifi-7fca9d121d85426f848408bafc7259762ee88c96.tar.gz
libwifi-7fca9d121d85426f848408bafc7259762ee88c96.tar.bz2
libwifi-7fca9d121d85426f848408bafc7259762ee88c96.zip
Merge pull request #18 from libwifi/fixup_alloc
core: Check length of frame body before allocating
Diffstat (limited to 'src')
-rw-r--r--src/libwifi/core/frame/frame.c14
1 files changed, 9 insertions, 5 deletions
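diff --git a/src/libwifi/core/frame/frame.c b/src/libwifi/core/frame/frame.c
index 99f7fdc..abe75e2 100644
--- a/src/libwifi/core/frame/frame.c
+++ b/src/libwifi/core/frame/frame.c
@@ -38,6 +38,8 @@ int libwifi_get_wifi_frame(struct libwifi_frame *fi, const unsigned char *frame,
     size_t frame_data_len = frame_len;
     const unsigned char *frame_data = frame;
 
+    memset(fi, 0, sizeof(struct libwifi_frame));
+
     if (radiotap) {
         struct libwifi_radiotap_info rtap_info = {0};
         int ret = libwifi_parse_radiotap_info(&rtap_info, frame, frame_len);
@@ -126,13 +128,15 @@ int libwifi_get_wifi_frame(struct libwifi_frame *fi, const unsigned char *frame,
     fi->header_len = header_len;
     memcpy(&fi->frame_control, frame_control, sizeof(struct libwifi_frame_ctrl));
 
-    fi->body = malloc(fi->len - fi->header_len);
-    if (fi->body == NULL) {
-        return -ENOMEM;
+    size_t body_len = fi->len - fi->header_len;
+    if (body_len > 0) {
+        fi->body = malloc(body_len);
+        if (fi->body == NULL) {
+            return -ENOMEM;
+        }
+        memcpy(fi->body, frame_data + header_len, body_len);
     }
 
-    memcpy(fi->body, frame_data + header_len, (fi->len - fi->header_len));
-
     return 0;
 }
 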
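Review bot: The new `if (body_len > 0)` guard at new line 132 does not cover the underflow case: `size_t body_len = fi->len - fi->header_len;` wraps to a very large value when `fi->len < fi->header_len`, so the guard passes, and if the oversized `malloc` happens to succeed the `memcpy` at new line 137 reads far past the end of the input frame. A check such as `if (fi->len < fi->header_len) { return -EINVAL; }` before the subtraction closes it; if `fi->len` is derived from `frame_data_len` (set outside these hunks), comparing `header_len + body_len` against that length directly would be the tighter bound. It is also worth a comment on the guard, e.g. `/* body-less frame: fi->body stays NULL from the memset above */`, since the new `memset` at new line 41 means callers now get a NULL body for zero-length payloads and must not dereference it unconditionally. The enclosing function `libwifi_get_wifi_frame` starts and the `fi->len` assignment sits outside the visible hunks.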