From 7782f7325153e7ad3149f8be13a81fab180771db Mon Sep 17 00:00:00 2001
From: Tim Wojtulewicz
Date: Tue, 2 May 2023 16:12:43 -0700
Subject: [PATCH] Add additional length check to IEEE 802.11 analyzer

---
 src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc b/src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc
index df9a8b0f26..bd9d913f78 100644
--- a/src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc
+++ b/src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc
@@ -31,6 +31,12 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
  if ( (data[1] & 0x03) == 0x03 )
  len_80211 += packet->L2_ADDR_LEN;
 
+ if ( len_80211 >= len )
+ {
+ Weird("truncated_802_11_header", packet);
+ return false;
+ }
+
  // Look for the QoS indicator bit.
  if ( (fc_80211 >> 4) & 0x08 )
  {
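Review bot: The added `len_80211 >= len` guard carries no comment saying which later access it protects, and the diffstat shows only IEEE802_11.cc changed, so no test pins the truncated-frame case. AnalyzePacket starts and ends outside the hunk; presumably the QoS branch right after the guard indexes `data` at `len_80211`, which is why the check has to come before it. I would add `// The QoS branch below reads past the header computed so far; reject frames too short to hold it.` above the `if`, after confirming that against the branch body. If that branch also advances `len_80211`, check that a length test still follows it before the payload is handed on.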