ref: d21af173677127813b63a61a97131de821a680d6
parent: 18b931dde7d9259968a91a1baee96db92a79d34d
author: cinap_lenrek <[email protected]>
date: Fri Jan 30 08:41:23 EST 2015
wifi: fix recvbeacon() we used to read beyond the boundaries of the beacon because the end pointer was offset by the beacon header. this is also what caused the double entries.
--- a/sys/src/9/pc/wifi.c
+++ b/sys/src/9/pc/wifi.c
@@ -372,10 +372,10 @@
recvbeacon(Wifi *wifi, Wnode *wn, uchar *d, int len)
{
static uchar wpa1oui[4] = { 0x00, 0x50, 0xf2, 0x01 };
- uchar *e, *x, *p;
- uchar t, m[256/8];
+ uchar *e, *x, *p, t;
- if(len < 8+2+2)
+ len -= 8+2+2;
+ if(len < 0)
return;
d += 8; /* timestamp */
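Review bot: After `len -= 8+2+2;` the parameter `len` no longer holds the frame length but the number of information-element bytes that follow the fixed fields, and nothing in the function says so. The bound `e = d + len` in the second hunk is correct only because of that subtraction, so I would record it with a comment above the line, `/* len now counts only the elements after timestamp(8), beacon interval(2), capability(2) */`. `len` is also reassigned to the SSID length in `case 0` of the second hunk; this is safe today because `e` is computed once in the `for` initialiser, but a separate local such as `int n` for the SSID length would keep the frame bound from being overwritten. The body of recvbeacon() continues past this hunk.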
@@ -384,19 +384,12 @@
wn->cap = d[0] | d[1]<<8;
d += 2;
- memset(m, 0, sizeof(m));
for(e = d + len; d+2 <= e; d = x){
d += 2;
x = d + d[-1];
- if(x > e)
+ if(x > e)
break; /* truncated */
t = d[-2];
-
- /* skip double entries */
- if(m[t/8] & 1<<(t%8))
- continue;
- m[t/8] |= 1<<(t%8);
-
switch(t){
case 0: /* SSID */
len = 0;
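Review bot: With the `m[]` bitmap removed, an element ID that occurs more than once in a beacon now reaches the `switch` on every occurrence, so any case that overwrites node state takes the last occurrence in the frame rather than the first. Beacons are unauthenticated input, so each case should be checked to tolerate repetition and to bound its reads by `x`; only the start of `case 0` is visible here, so this is unverified for the rest of the switch. The loop would also benefit from a comment stating the invariant the fix restores, `/* e is the end of the element area; an element whose payload [d, x) runs past e is dropped as truncated */`. The `if(x > e)` line changes whitespace only.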