[IWINFO PATCH] iwinfo: improve center channel handling

Ansuel Smith ansuelsmth at gmail.com
Tue Jan 5 22:05:37 EST 2021


- Improve iwinfo center channel struct position
- Prevent read beyond buffer on malformed data

Signed-off-by: Ansuel Smith <ansuelsmth at gmail.com>
---
 include/iwinfo.h |  4 ++--
 iwinfo_nl80211.c | 22 +++++++++++++---------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/include/iwinfo.h b/include/iwinfo.h
index 5799c02..40ef3a7 100644
--- a/include/iwinfo.h
+++ b/include/iwinfo.h
@@ -255,6 +255,8 @@ struct iwinfo_ops {
 	int (*probe)(const char *ifname);
 	int (*mode)(const char *, int *);
 	int (*channel)(const char *, int *);
+	int (*center_chan1)(const char *, int *);
+	int (*center_chan2)(const char *, int *);
 	int (*frequency)(const char *, int *);
 	int (*frequency_offset)(const char *, int *);
 	int (*txpower)(const char *, int *);
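Review bot: Inserting `center_chan1` and `center_chan2` directly after `channel` shifts the offset of every later pointer in `struct iwinfo_ops` (`frequency` onwards), which changes the layout of a struct declared in a public header. Anything built against the previous header, such as an out-of-tree backend or a consumer that reads the ops table directly, would call through the wrong slot until it is rebuilt, assuming the library ships as a shared object. The commit message does not say why the position matters, so I would state the reason there and bump the library's ABI version with this change, or else keep the new members at the end of the struct. The struct definition starts outside this hunk.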
@@ -283,8 +285,6 @@ struct iwinfo_ops {
 	int (*survey)(const char *, char *, int *);
 	int (*lookup_phy)(const char *, char *);
 	void (*close)(void);
-	int (*center_chan1)(const char *, int *);
-	int (*center_chan2)(const char *, int *);
 };
 
 const char * iwinfo_type(const char *ifname);
diff --git a/iwinfo_nl80211.c b/iwinfo_nl80211.c
index 5ca5c03..ba5bddb 100644
--- a/iwinfo_nl80211.c
+++ b/iwinfo_nl80211.c
@@ -2380,14 +2380,18 @@ static void nl80211_get_scanlist_ie(struct nlattr **bss,
 				                 IWINFO_CIPHER_TKIP, IWINFO_KMGMT_PSK);
 			break;
 		case 61: /* HT oeration */
-			e->ht_chan_info.primary_chan = ie[2];
-			e->ht_chan_info.secondary_chan_off = ie[3] & 0x3;
-			e->ht_chan_info.chan_width = (ie[4] & 0x4)>>2;
+			if (ie[1] >= 3) {
+				e->ht_chan_info.primary_chan = ie[2];
+				e->ht_chan_info.secondary_chan_off = ie[3] & 0x3;
+				e->ht_chan_info.chan_width = (ie[4] & 0x4)>>2;
+			}
 			break;
 		case 192: /* VHT operation */
-			e->vht_chan_info.chan_width = ie[2];
-			e->vht_chan_info.center_chan_1 = ie[3];
-			e->vht_chan_info.center_chan_2 = ie[4];
+			if (ie[1] >= 3) {
+				e->vht_chan_info.chan_width = ie[2];
+				e->vht_chan_info.center_chan_1 = ie[3];
+				e->vht_chan_info.center_chan_2 = ie[4];
+			}
 			break;
 		}
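Review bot: The new `if (ie[1] >= 3)` guards in cases 61 and 192 trust the element's own length byte, so they only prevent an over-read if the enclosing loop has already confirmed that the 2-byte header plus `ie[1]` payload bytes fit in what remains of the information-element buffer. That loop is not visible here, because nl80211_get_scanlist_ie starts and ends outside the hunk. The IE bytes originate from beacons and probe responses of any station in range, so it is worth confirming that the loop compares the remaining length against `ie[1] + 2` rather than `ie[1]` alone. When an element is too short, the `ht_chan_info` / `vht_chan_info` fields are now silently left as they were; I would add a comment such as `/* truncated element: channel info keeps its initial value */` and check that `e` is zero-initialised before parsing, so consumers never read stale values.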
 
@@ -3317,6 +3321,8 @@ const struct iwinfo_ops nl80211_ops = {
 	.name             = "nl80211",
 	.probe            = nl80211_probe,
 	.channel          = nl80211_get_channel,
+	.center_chan1     = nl80211_get_center_chan1,
+	.center_chan2     = nl80211_get_center_chan2,
 	.frequency        = nl80211_get_frequency,
 	.frequency_offset = nl80211_get_frequency_offset,
 	.txpower          = nl80211_get_txpower,
@@ -3345,7 +3351,5 @@ const struct iwinfo_ops nl80211_ops = {
 	.countrylist      = nl80211_get_countrylist,
 	.survey           = nl80211_get_survey,
 	.lookup_phy       = nl80211_lookup_phyname,
-	.close            = nl80211_close,
-	.center_chan1     = nl80211_get_center_chan1,
-	.center_chan2     = nl80211_get_center_chan2
+	.close            = nl80211_close
 };
-- 
2.29.2



