Gisle Vanem
2014-04-14 20:31:17 UTC
The use of function parse_elements() in print-802_11.c looks a bit fishy.
E.g. in handle_beacon():
ret = parse_elements(ndo, &pbody, p, offset, length);
PRINT_SSID(pbody);
PRINT_RATES(pbody);
Here parse_elements() has set 'pbody.ssid' to a local (on stack)
SSID in its 'struct ssid_t ssid':
if (!pbody->ssid_present) {
pbody->ssid = ssid; <<
pbody->ssid_present++;
}
Then PRINT_SSID() prints something that could possibly contain garbage.
So should those local variables in parse_elements() be made static? Or
use a memcpy()?
Besides, isn't it better to print hex-codes in the SSID as-is (if any)? Like so:
@@ -697,7 +697,7 @@
#define PRINT_SSID(p) \
if (p.ssid_present) { \
ND_PRINT((ndo, " (")); \
- fn_print(ndo, p.ssid.ssid, NULL); \
+ safeputs(ndo, p.ssid.ssid, sizeof(p.ssid.ssid)); \
ND_PRINT((ndo, ")")); \
}
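Review bot: the bound `sizeof(p.ssid.ssid)` in the `+` line is only right if `ssid` is an inline array inside `struct ssid_t`; if the field is a pointer, sizeof yields the pointer size and the bound is meaningless, so the field's declaration should be confirmed before this goes in. Bounding by the buffer size rather than by the element's own length also means the output still depends on either the buffer being zero-filled past the SSID or the printer stopping at the first NUL, and an SSID that legitimately contains a NUL byte would be cut short in the latter case; if `struct ssid_t` records the element length from the frame, passing that in place of `sizeof(p.ssid.ssid)` prints exactly the bytes the frame carried and nothing else.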
--gv
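As an added example, separate from the tcpdump sources and not code from the post, the following C program shows the two points under discussion in a self-contained form: an SSID element parser that copies the bytes by value into a result struct (so nothing points back into the parser's stack frame once it returns) and refuses over-long or truncated elements, plus a printer that renders every byte of the SSID with non-printable bytes shown as \xNN, bounded by the element length rather than by a NUL terminator. The type `ssid_ie_t` and the functions `parse_ssid_ie()`, `render_ssid()`, `demo_render_beacon()` and `demo_parse_truncated()` are hypothetical names, and the beacon bodies are constructed test data, not captures.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_SSID   0   /* element ID of the SSID element */
#define SSID_MAX  32  /* 802.11 limits the SSID to 32 octets */

/* Hypothetical value type: holds a copy of the SSID bytes, not a pointer. */
typedef struct {
    int     present;
    uint8_t length;               /* length from the element header */
    uint8_t ssid[SSID_MAX + 1];   /* bytes plus a spare NUL */
} ssid_ie_t;

/* Scan the tagged parameters p[0..len) for the first SSID element.
 * Returns 1 when found, 0 when absent, -1 when an element overruns the
 * buffer or claims an illegal length.  The result reaches *out by struct
 * assignment, so nothing points back into this function's frame. */
static int parse_ssid_ie(const uint8_t *p, size_t len, ssid_ie_t *out)
{
    ssid_ie_t local;
    size_t off = 0;

    memset(&local, 0, sizeof(local));
    while (off + 2 <= len) {
        uint8_t id = p[off], elen = p[off + 1];
        if (off + 2 + (size_t)elen > len)
            return -1;                  /* truncated element */
        if (id == IE_SSID) {
            if (elen > SSID_MAX)
                return -1;              /* would overflow local.ssid */
            memcpy(local.ssid, p + off + 2, elen);
            local.length = elen;
            local.present = 1;
            break;
        }
        off += 2 + (size_t)elen;
    }
    *out = local;
    return local.present;
}

/* Write the SSID into dst as text, escaping non-printable bytes (and the
 * backslash itself) as \xNN.  Bounded by the element length, not by a NUL,
 * so an embedded NUL byte is shown instead of cutting the output short.
 * Returns the number of characters written, or -1 if dst is too small. */
static int render_ssid(const ssid_ie_t *ie, char *dst, size_t dstlen)
{
    size_t n = 0;

    if (dstlen == 0)
        return -1;
    for (size_t i = 0; i < ie->length; i++) {
        uint8_t c = ie->ssid[i];
        if (isprint(c) && c != '\\') {
            if (n + 1 >= dstlen) return -1;
            dst[n++] = (char)c;
        } else {
            if (n + 4 >= dstlen) return -1;
            snprintf(dst + n, dstlen - n, "\\x%02x", c);
            n += 4;
        }
    }
    dst[n] = '\0';
    return (int)n;
}

/* Constructed beacon body (not a real capture): 8-byte timestamp, 2-byte
 * beacon interval, 2-byte capability info, then tagged parameters.  The
 * SSID element carries "ab", a NUL byte and 0xff; Supported Rates follows. */
static const uint8_t beacon_body[] = {
    0,0,0,0,0,0,0,0, 0x64,0x00, 0x01,0x00,
    IE_SSID, 4, 'a', 'b', 0x00, 0xff,
    1, 2, 0x82, 0x84
};
#define BEACON_FIXED_LEN 12

/* Constructed malformed body: SSID element claims 10 bytes, one follows. */
static const uint8_t truncated_body[] = { IE_SSID, 10, 'a' };

/* Parse and render the constructed beacon; returns the rendered text. */
static const char *demo_render_beacon(void)
{
    static char out[4 * SSID_MAX + 1];   /* worst case: every byte escaped */
    ssid_ie_t ie;

    if (parse_ssid_ie(beacon_body + BEACON_FIXED_LEN,
                      sizeof(beacon_body) - BEACON_FIXED_LEN, &ie) != 1)
        return NULL;
    if (render_ssid(&ie, out, sizeof(out)) < 0)
        return NULL;
    return out;
}

/* Returns the parser's verdict on the truncated body (-1 expected). */
static int demo_parse_truncated(void)
{
    ssid_ie_t ie;
    return parse_ssid_ie(truncated_body, sizeof(truncated_body), &ie);
}

int main(void)
{
    const char *s = demo_render_beacon();
    printf("SSID: (%s)\n", s ? s : "<parse error>");
    printf("truncated body -> %d\n", demo_parse_truncated());
    return 0;
}
```

The struct assignment `*out = local` is the point of the first half: the caller receives its own copy of the bytes, so whether `local` was on the stack or static no longer matters. The second half shows why the element length, not `sizeof` of the buffer, is the bound to print with: the constructed SSID has a NUL in the middle and is still rendered in full.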