From 0702f322949bb276ae42b77c8c0cd89d8a5d0318 Mon Sep 17 00:00:00 2001
From: Ansuel Smith
Date: Wed, 6 Jan 2021 04:05:37 +0100
Subject: [PATCH] iwinfo: improve center channel handling

- Improve iwinfo center channel struct position
- Prevent read beyond buffer on malformed data

Signed-off-by: Ansuel Smith
---
 include/iwinfo.h | 4 ++--
 iwinfo_nl80211.c | 22 +++++++++++++---------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/include/iwinfo.h b/include/iwinfo.h
index 5799c02..40ef3a7 100644
--- a/include/iwinfo.h
+++ b/include/iwinfo.h
@@ -255,6 +255,8 @@ struct iwinfo_ops {
 int (*probe)(const char *ifname);
 int (*mode)(const char *, int *);
 int (*channel)(const char *, int *);
+ int (*center_chan1)(const char *, int *);
+ int (*center_chan2)(const char *, int *);
 int (*frequency)(const char *, int *);
 int (*frequency_offset)(const char *, int *);
 int (*txpower)(const char *, int *);
@@ -283,8 +285,6 @@ struct iwinfo_ops {
 int (*survey)(const char *, char *, int *);
 int (*lookup_phy)(const char *, char *);
 void (*close)(void);
- int (*center_chan1)(const char *, int *);
- int (*center_chan2)(const char *, int *);
 };
 const char * iwinfo_type(const char *ifname);
diff --git a/iwinfo_nl80211.c b/iwinfo_nl80211.c
index 0a94216..29bdc8c 100644
--- a/iwinfo_nl80211.c
+++ b/iwinfo_nl80211.c
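Review bot: Moving `center_chan1`/`center_chan2` from the end of `struct iwinfo_ops` to just after `channel` (both iwinfo.h hunks; the struct starts outside them) shifts the offset of every member from `frequency` through `close`, which is a binary-incompatible change to a header under `include/`. A consumer built against the previous layout would silently call the wrong pointer, e.g. an old `frequency` call would land on `center_chan1`, which has the same signature and so returns wrong data rather than failing. This presumably needs an ABI/soname bump and a rebuild of all dependents in the same step, neither of which is visible in this patch. The matching reorder of `nl80211_ops` uses designated initializers and has no layout effect of its own. I would add a comment above the struct such as `/* member order is ABI: append new ops at the end or bump the ABI version */`.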
@@ -2380,14 +2380,18 @@ static void nl80211_get_scanlist_ie(struct nlattr **bss,
 IWINFO_CIPHER_TKIP, IWINFO_KMGMT_PSK);
 break;
 case 61: /* HT oeration */
- e->ht_chan_info.primary_chan = ie[2];
- e->ht_chan_info.secondary_chan_off = ie[3] & 0x3;
- e->ht_chan_info.chan_width = (ie[4] & 0x4)>>2;
+ if (ie[1] >= 3) {
+ e->ht_chan_info.primary_chan = ie[2];
+ e->ht_chan_info.secondary_chan_off = ie[3] & 0x3;
+ e->ht_chan_info.chan_width = (ie[4] & 0x4)>>2;
+ }
 break;
 case 192: /* VHT operation */
- e->vht_chan_info.chan_width = ie[2];
- e->vht_chan_info.center_chan_1 = ie[3];
- e->vht_chan_info.center_chan_2 = ie[4];
+ if (ie[1] >= 3) {
+ e->vht_chan_info.chan_width = ie[2];
+ e->vht_chan_info.center_chan_1 = ie[3];
+ e->vht_chan_info.center_chan_2 = ie[4];
+ }
 break;
 }
@@ -3347,6 +3351,8 @@ const struct iwinfo_ops nl80211_ops = {
 .name = "nl80211",
 .probe = nl80211_probe,
 .channel = nl80211_get_channel,
+ .center_chan1 = nl80211_get_center_chan1,
+ .center_chan2 = nl80211_get_center_chan2,
 .frequency = nl80211_get_frequency,
 .frequency_offset = nl80211_get_frequency_offset,
 .txpower = nl80211_get_txpower,
@@ -3375,7 +3381,5 @@ const struct iwinfo_ops nl80211_ops = {
 .countrylist = nl80211_get_countrylist,
 .survey = nl80211_get_survey,
 .lookup_phy = nl80211_lookup_phyname,
- .close = nl80211_close,
- .center_chan1 = nl80211_get_center_chan1,
- .center_chan2 = nl80211_get_center_chan2
+ .close = nl80211_close
 };
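Review bot: The new `ie[1] >= 3` guards in `case 61` and `case 192` only compare against the length byte the element declares about itself; whether that declared length actually fits in what remains of the IE buffer has to be established by the enclosing loop, which starts outside this hunk and should be reviewed alongside it. If that loop does not already reject an element whose `ie[1] + 2` exceeds the remaining bytes, the reads of `ie[2]`..`ie[4]` can still run past the end on a truncated final element from a malformed scan result. When the guard fails, `ht_chan_info`/`vht_chan_info` are left untouched, so it is worth confirming the entry is zeroed before parsing so callers never see stale or uninitialized channel data. A short comment such as `/* reads payload bytes ie[2..4], so the element must carry at least 3 */` would explain the constant.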