Merge remote-tracking branch 'origin/topic/timw/ieee-80211-length-check'

* origin/topic/timw/ieee-80211-length-check: Add additional length check to IEEE 802.11 analyzer
2025-10-02 14:48:21 +00:00 · 2023-05-03 09:30:55 -07:00 · 2023-05-03 09:30:55 -07:00 · bc82b657c4
commit bc82b657c4
parent bef1d51015 7782f73251
3 changed files with 11 additions and 1 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
+6.0.0-dev.487 | 2023-05-03 09:30:55 -0700
+
+  * Add additional length check to IEEE 802.11 analyzer (Tim Wojtulewicz, Corelight)
+
 6.0.0-dev.484 | 2023-05-03 14:18:03 +0100

  * SSL: do not try to disable failed analyzer (Johanna Amann, Corelight)
--- a/2
+++ b/2
@ -1 +1 @@
-6.0.0-dev.484
+6.0.0-dev.487
--- a/src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc
+++ b/src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc
@ -31,6 +31,12 @@ bool IEEE802_11Analyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet*
 	if ( (data[1] & 0x03) == 0x03 )
 		len_80211 += packet->L2_ADDR_LEN;

+	if ( len_80211 >= len )
+		{
+		Weird("truncated_802_11_header", packet);
+		return false;
+		}
+
 	// Look for the QoS indicator bit.
 	if ( (fc_80211 >> 4) & 0x08 )
 		{