From 469a2e5eb9258f1b0ffbc02efd5e3b93499e7192 Mon Sep 17 00:00:00 2001
From: Marc
Date: Fri, 4 Mar 2022 13:34:28 +0000
Subject: core: Return error if invalid length is supplied to tag_iterator_init()
---
 src/libwifi/core/frame/tag_iterator.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/libwifi/core/frame/tag_iterator.c b/src/libwifi/core/frame/tag_iterator.c
index 0982c95..c17a6d7 100644
--- a/src/libwifi/core/frame/tag_iterator.c
+++ b/src/libwifi/core/frame/tag_iterator.c
@@ -19,8 +19,11 @@
 #include
 int libwifi_tag_iterator_init(struct libwifi_tag_iterator *it, const void *tags_start, size_t data_len) {
- it->tag_header = (struct libwifi_tag_header *) tags_start;
+ if (data_len <= 0) {
+ return -EINVAL;
+ }
+ it->tag_header = (struct libwifi_tag_header *) tags_start;
 it->tag_data = (unsigned char *) tags_start + sizeof(struct libwifi_tag_header);
 it->_next_tag_header = (struct libwifi_tag_header *) (it->tag_data + it->tag_header->tag_len);
 it->_frame_end = (unsigned char *) (tags_start) + data_len - 1;
-- 
cgit 1.4.1
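Review bot: The added guard at the top of libwifi_tag_iterator_init() only rejects a zero length (`data_len` is a `size_t`, so `<= 0` is the same as `== 0`), while the lines below still read `it->tag_header->tag_len` out of the caller's buffer. A buffer shorter than the tag header therefore passes the check and the `tag_len` read goes past the supplied data; comparing against the header size covers both cases: `if (data_len < sizeof(struct libwifi_tag_header)) { return -EINVAL; }`. The visible lines also never compare `tag_len` with the bytes left before `_frame_end`, so `_next_tag_header` can point outside the frame when the length byte is larger than the remaining data; the rest of the function is outside the hunk, so that check may exist further down. On the error return `it` is left unwritten, which is worth stating in the function's doc comment so callers test the result before iterating.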