

changeset 4239: a2f421c84c3a
parent 4238: 45002ea48d38
child 4240: b62414ff39c6
author: cinap_lenrek@felloff.net
date: Fri, 30 Jan 2015 13:41:23 +0100
files: sys/src/9/pc/wifi.c
description: wifi: fix recvbeacon()

we used to read beyond the boundaries of the beacon because
the end pointer was offset by the beacon header. this is
also what caused the double entries.
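--- a/sys/src/9/pc/wifi.c
+++ b/sys/src/9/pc/wifi.c
@@ -372,10 +372,10 @@ static void
 recvbeacon(Wifi *wifi, Wnode *wn, uchar *d, int len)
 {
 	static uchar wpa1oui[4] = { 0x00, 0x50, 0xf2, 0x01 };
-	uchar *e, *x, *p;
-	uchar t, m[256/8];
+	uchar *e, *x, *p, t;
 
-	if(len < 8+2+2)
+	len -= 8+2+2;
+	if(len < 0)
 		return;
 
 	d += 8;	/* timestamp */
@@ -384,19 +384,12 @@ recvbeacon(Wifi *wifi, Wnode *wn, uchar 
 	wn->cap = d[0] | d[1]<<8;
 	d += 2;
 
-	memset(m, 0, sizeof(m));
 	for(e = d + len; d+2 <= e; d = x){
 		d += 2;
 		x = d + d[-1];
-		if(x > e)
+		if(x > e)			
 			break;	/* truncated */
 		t = d[-2];
-
-		/* skip double entries */
-		if(m[t/8] & 1<<(t%8))
-			continue;
-		m[t/8] |= 1<<(t%8);
-
 		switch(t){
 		case 0:		/* SSID */
 			len = 0;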
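Review bot: With the `m[]` bitmap removed, a beacon that carries the same element ID more than once is now parsed once per occurrence, so the last occurrence wins for whatever fields the `switch(t)` body writes; the description attributes the double entries to the overrun alone, but repeated IDs can also appear in well-formed frames (vendor-specific elements in particular), so a one-line comment above `switch(t)` stating that later duplicates deliberately override earlier ones would make the intent explicit — presumably that is the wanted behaviour, but the hunk does not say. The changed `if(x > e)` line also picks up trailing tabs that the original line did not have; drop them. Separately, `len` is reused as a scratch variable from `case 0` onward, which is only safe because `e` was computed before the loop — worth a comment such as `/* len is free to reuse: e already bounds the loop */` at the top of the switch. recvbeacon's body continues past the end of the second hunk, and the lines between the timestamp skip and `wn->cap` lie between the two hunks and are not visible here.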