From 3d0afe480d5043ed0d502b4c8ae0eca8d51c4424 Mon Sep 17 00:00:00 2001
From: Marc
Date: Sat, 15 Apr 2023 00:39:24 +1000
Subject: core: Check length of body before allocating

Frames with no body may be worth parsing, but should avoid the allocation of zero-length bodies. Instead, we'll check if the body exists in the parsed data and if that length is zero, return early with success.

Fixes #16
---
 src/libwifi/core/frame/frame.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
(limited to 'src')

diff --git a/src/libwifi/core/frame/frame.c b/src/libwifi/core/frame/frame.c
index 99f7fdc..abe75e2 100644
--- a/src/libwifi/core/frame/frame.c
+++ b/src/libwifi/core/frame/frame.c
@@ -38,6 +38,8 @@ int libwifi_get_wifi_frame(struct libwifi_frame *fi, const unsigned char *frame,
     size_t frame_data_len = frame_len;
     const unsigned char *frame_data = frame;
 
+    memset(fi, 0, sizeof(struct libwifi_frame));
+
     if (radiotap) {
         struct libwifi_radiotap_info rtap_info = {0};
         int ret = libwifi_parse_radiotap_info(&rtap_info, frame, frame_len);
@@ -126,13 +128,15 @@ int libwifi_get_wifi_frame(struct libwifi_frame *fi, const unsigned char *frame,
     fi->header_len = header_len;
     memcpy(&fi->frame_control, frame_control, sizeof(struct libwifi_frame_ctrl));
 
-    fi->body = malloc(fi->len - fi->header_len);
-    if (fi->body == NULL) {
-        return -ENOMEM;
+    size_t body_len = fi->len - fi->header_len;
+    if (body_len > 0) {
+        fi->body = malloc(body_len);
+        if (fi->body == NULL) {
+            return -ENOMEM;
+        }
+        memcpy(fi->body, frame_data + header_len, body_len);
     }
-    memcpy(fi->body, frame_data + header_len, (fi->len - fi->header_len));
-
     return 0;
 }
-- cgit 1.4.1
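Review bot: The added `memset(fi, 0, sizeof(struct libwifi_frame))` discards whatever `fi` held on entry, including a `body` pointer left by an earlier parse, so a caller that reuses one `struct libwifi_frame` across calls without releasing it first now leaks the previous allocation silently; nothing in the hunk documents that contract. I would state it in the function's header comment, e.g. `/* fi is treated as uninitialised on entry: any body allocated by a previous call must be released by the caller before reuse */`. As a point of style, `memset(fi, 0, sizeof *fi)` ties the size to the pointer rather than repeating the type. The body of libwifi_get_wifi_frame continues outside this hunk.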
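Review bot: `size_t body_len = fi->len - fi->header_len;` wraps to a huge value whenever `header_len` exceeds `fi->len`, and the new `body_len > 0` test then passes a truncated frame straight to `malloc` and to a `memcpy` that reads far beyond `frame_data`; the commit keeps the unchecked subtraction it inherited. Unless a check earlier in the function (outside this hunk) already guarantees `header_len <= frame_data_len`, a guard such as `if (fi->header_len > fi->len) { return -EINVAL; }` belongs before the subtraction. The zero-body path also depends on the `memset` added in the first hunk to leave `fi->body` NULL, and the commit message's "return early with success" does not match the fall-through actually written; a one-line comment, `/* no body: fi->body stays NULL from the memset at the top of the function */`, would make both explicit. libwifi_get_wifi_frame begins outside this hunk.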