diff options
author | Guy Harris <guy@alum.mit.edu> | 2016-02-06 00:39:40 -0800 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2016-02-06 08:43:42 +0000 |
commit | 485af0aa41c70e95c274adc858e847d87a52dbfd (patch) | |
tree | fc988b53fbdebda70545f084c045f099d13c8e24 /epan/dissectors/packet-ieee80211-radio.c | |
parent | 8678e5a9b33013b5d9c72bd269999af91fa9c3d7 (diff) | |
download | wireshark-485af0aa41c70e95c274adc858e847d87a52dbfd.tar.gz |
Check whether mcs_index is sane, not just whether it's set.
Don't just check whether we *have* the MCS index, check whether it's a
valid MCS index, before we use it in calculations. Otherwise, we'll
make out-of-bounds array accesses.
(May or may not fix bug 12085, so just Ping-Bug for now. It's necessary
in any case.)
Change-Id: I7119366397b260089aea35ae9fcd5ad9ec6b06f2
Ping-Bug: 12085
Reviewed-on: https://code.wireshark.org/review/13790
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'epan/dissectors/packet-ieee80211-radio.c')
-rw-r--r-- | epan/dissectors/packet-ieee80211-radio.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/epan/dissectors/packet-ieee80211-radio.c b/epan/dissectors/packet-ieee80211-radio.c index 2d09e656ce..3f11c74783 100644 --- a/epan/dissectors/packet-ieee80211-radio.c +++ b/epan/dissectors/packet-ieee80211-radio.c @@ -709,9 +709,11 @@ dissect_wlan_radio (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void gboolean fec; /* - * If we don't have necessary fields, then bail. + * If we don't have necessary fields, or if we have them but + * they have invalid values, then bail. */ if (!info_n->has_mcs_index || + info_n->mcs_index >= MAX_MCS_INDEX || !info_n->has_bandwidth || !info_n->has_short_gi) break; |