Attachment #266677 for bug #311797

View | Details | Raw Unified | Return to bug 311797
Collapse All | Expand All

Line Link Here

(-)file_not_specified_in_diff (-3 / +3 lines)
0	-- src/airodump-ng.c	0	++ src/airodump-ng.c
Lines 2126-2132 Link Here
2126	st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )	2126	st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )
2127	+ h80211[z + 3] + 4;	2127	+ h80211[z + 3] + 4;
2128		2128
2129	if ((int)pkh.len - z < st_cur->wpa.eapol_size \|\| st_cur->wpa.eapol_size == 0)	2129	if (caplen - z < st_cur->wpa.eapol_size \|\| st_cur->wpa.eapol_size == 0 \|\| caplen - z < 81 + 16 \|\| st_cur->wpa.eapol_size > 256)
2130	{	2130	{
2131	// Ignore the packet trying to crash us.	2131	// Ignore the packet trying to crash us.
2132	goto write_packet;	2132	goto write_packet;
Lines 2158-2164 Link Here
2158	st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )	2158	st_cur->wpa.eapol_size = ( h80211[z + 2] << 8 )
2159	+ h80211[z + 3] + 4;	2159	+ h80211[z + 3] + 4;
2160		2160
2161	if ((int)pkh.len - z < st_cur->wpa.eapol_size \|\| st_cur->wpa.eapol_size == 0)	2161	if (caplen - z < st_cur->wpa.eapol_size \|\| st_cur->wpa.eapol_size == 0 \|\| caplen - z < 81 + 16 \|\| st_cur->wpa.eapol_size > 256)
2162	{	2162	{
2163	// Ignore the packet trying to crash us.	2163	// Ignore the packet trying to crash us.
2164	goto write_packet;	2164	goto write_packet;

Return to bug 311797