提交 9ebad4ab 编写于 作者: J Johannes Berg 提交者: John W. Linville

radiotap: fix vendor namespace parsing

There's a bug with radiotap vendor namespace
parsing if you don't register for the given
namespace extensions. Fix this by passing
only the unknown vendor namespaces and the
registered data to frontends, but not both.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
上级 94a40c0c
...@@ -201,7 +201,7 @@ int ieee80211_radiotap_iterator_next( ...@@ -201,7 +201,7 @@ int ieee80211_radiotap_iterator_next(
{ {
while (1) { while (1) {
int hit = 0; int hit = 0;
int pad, align, size, subns, vnslen; int pad, align, size, subns;
uint32_t oui; uint32_t oui;
/* if no more EXT bits, that's it */ /* if no more EXT bits, that's it */
...@@ -261,6 +261,27 @@ int ieee80211_radiotap_iterator_next( ...@@ -261,6 +261,27 @@ int ieee80211_radiotap_iterator_next(
if (pad) if (pad)
iterator->_arg += align - pad; iterator->_arg += align - pad;
if (iterator->_arg_index % 32 == IEEE80211_RADIOTAP_VENDOR_NAMESPACE) {
int vnslen;
if ((unsigned long)iterator->_arg + size -
(unsigned long)iterator->_rtheader >
(unsigned long)iterator->_max_length)
return -EINVAL;
oui = (*iterator->_arg << 16) |
(*(iterator->_arg + 1) << 8) |
*(iterator->_arg + 2);
subns = *(iterator->_arg + 3);
find_ns(iterator, oui, subns);
vnslen = get_unaligned_le16(iterator->_arg + 4);
iterator->_next_ns_data = iterator->_arg + size + vnslen;
if (!iterator->current_namespace)
size += vnslen;
}
/* /*
* this is what we will return to user, but we need to * this is what we will return to user, but we need to
* move on first so next call has something fresh to test * move on first so next call has something fresh to test
...@@ -287,40 +308,25 @@ int ieee80211_radiotap_iterator_next( ...@@ -287,40 +308,25 @@ int ieee80211_radiotap_iterator_next(
/* these special ones are valid in each bitmap word */ /* these special ones are valid in each bitmap word */
switch (iterator->_arg_index % 32) { switch (iterator->_arg_index % 32) {
case IEEE80211_RADIOTAP_VENDOR_NAMESPACE: case IEEE80211_RADIOTAP_VENDOR_NAMESPACE:
iterator->_bitmap_shifter >>= 1;
iterator->_arg_index++;
iterator->_reset_on_ext = 1; iterator->_reset_on_ext = 1;
vnslen = get_unaligned_le16(iterator->this_arg + 4);
iterator->_next_ns_data = iterator->_arg + vnslen;
oui = (*iterator->this_arg << 16) |
(*(iterator->this_arg + 1) << 8) |
*(iterator->this_arg + 2);
subns = *(iterator->this_arg + 3);
find_ns(iterator, oui, subns);
iterator->is_radiotap_ns = 0; iterator->is_radiotap_ns = 0;
/* allow parsers to show this information */ /*
* If parser didn't register this vendor
* namespace with us, allow it to show it
* as 'raw. Do do that, set argument index
* to vendor namespace.
*/
iterator->this_arg_index = iterator->this_arg_index =
IEEE80211_RADIOTAP_VENDOR_NAMESPACE; IEEE80211_RADIOTAP_VENDOR_NAMESPACE;
iterator->this_arg_size += vnslen; if (!iterator->current_namespace)
if ((unsigned long)iterator->this_arg + hit = 1;
iterator->this_arg_size - goto next_entry;
(unsigned long)iterator->_rtheader >
(unsigned long)(unsigned long)iterator->_max_length)
return -EINVAL;
hit = 1;
break;
case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE: case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE:
iterator->_bitmap_shifter >>= 1;
iterator->_arg_index++;
iterator->_reset_on_ext = 1; iterator->_reset_on_ext = 1;
iterator->current_namespace = &radiotap_ns; iterator->current_namespace = &radiotap_ns;
iterator->is_radiotap_ns = 1; iterator->is_radiotap_ns = 1;
break; goto next_entry;
case IEEE80211_RADIOTAP_EXT: case IEEE80211_RADIOTAP_EXT:
/* /*
* bit 31 was set, there is more * bit 31 was set, there is more
......
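Review bot: In the second hunk, `vnslen` is read from the packet and used to set `iterator->_next_ns_data = iterator->_arg + size + vnslen` without being checked against `_max_length`; the bounds check added just above it covers only `size`. When the namespace is registered (`current_namespace` non-NULL), `size` is not extended by `vnslen`, so nothing visible here bounds the stored pointer, and forming a pointer well past the end of the buffer is itself undefined in C. I would validate the length right after reading it, e.g. `if ((unsigned long)iterator->_arg + size + vnslen - (unsigned long)iterator->_rtheader > (unsigned long)iterator->_max_length) return -EINVAL;`. The function body continues outside the visible hunks, so a later check may already catch this where `_next_ns_data` is consumed; if so, a short comment saying where would help.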