Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

IEEE802_11: Fix buffer-overflow due to not accounting for the amsdu header

Browse source 
The fuzzer generated input where data length left was 14 and the amsdu_len
field set to 14. That caused buffer overread due not taking into account
the amsdu header length of 14.
This commit is contained in:
Arne Welzel 2023-10-18 10:25:34 +02:00 committed by Tim Wojtulewicz
parent 63391d974a
commit 72a54376bc
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc
View file

@ -105,7 +105,7 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
// This is the length of everything after the A-MSDU subframe header. // This is the length of everything after the A-MSDU subframe header.
size_t amsdu_len = (data[12] << 8) + data[13]; size_t amsdu_len = (data[12] << 8) + data[13];
if ( len < amsdu_len ) if ( len < amsdu_len + 14 )
{ {
Weird("truncated_802_11_amsdu_packet", packet); Weird("truncated_802_11_amsdu_packet", packet);
return false; return false;