@@ -255,6 +255,8 @@ struct iwinfo_ops {
int (*probe)(const char *ifname);
int (*mode)(const char *, int *);
int (*channel)(const char *, int *);
+ int (*center_chan1)(const char *, int *);
+ int (*center_chan2)(const char *, int *);
int (*frequency)(const char *, int *);
int (*frequency_offset)(const char *, int *);
int (*txpower)(const char *, int *);
@@ -283,8 +285,6 @@ struct iwinfo_ops {
int (*survey)(const char *, char *, int *);
int (*lookup_phy)(const char *, char *);
void (*close)(void);
- int (*center_chan1)(const char *, int *);
- int (*center_chan2)(const char *, int *);
};
const char * iwinfo_type(const char *ifname);
@@ -2380,14 +2380,18 @@ static void nl80211_get_scanlist_ie(struct nlattr **bss,
IWINFO_CIPHER_TKIP, IWINFO_KMGMT_PSK);
break;
case 61: /* HT oeration */
- e->ht_chan_info.primary_chan = ie[2];
- e->ht_chan_info.secondary_chan_off = ie[3] & 0x3;
- e->ht_chan_info.chan_width = (ie[4] & 0x4)>>2;
+ if (ie[1] >= 3) {
+ e->ht_chan_info.primary_chan = ie[2];
+ e->ht_chan_info.secondary_chan_off = ie[3] & 0x3;
+ e->ht_chan_info.chan_width = (ie[4] & 0x4)>>2;
+ }
break;
case 192: /* VHT operation */
- e->vht_chan_info.chan_width = ie[2];
- e->vht_chan_info.center_chan_1 = ie[3];
- e->vht_chan_info.center_chan_2 = ie[4];
+ if (ie[1] >= 3) {
+ e->vht_chan_info.chan_width = ie[2];
+ e->vht_chan_info.center_chan_1 = ie[3];
+ e->vht_chan_info.center_chan_2 = ie[4];
+ }
break;
}
@@ -3317,6 +3321,8 @@ const struct iwinfo_ops nl80211_ops = {
.name = "nl80211",
.probe = nl80211_probe,
.channel = nl80211_get_channel,
+ .center_chan1 = nl80211_get_center_chan1,
+ .center_chan2 = nl80211_get_center_chan2,
.frequency = nl80211_get_frequency,
.frequency_offset = nl80211_get_frequency_offset,
.txpower = nl80211_get_txpower,
@@ -3345,7 +3351,5 @@ const struct iwinfo_ops nl80211_ops = {
.countrylist = nl80211_get_countrylist,
.survey = nl80211_get_survey,
.lookup_phy = nl80211_lookup_phyname,
- .close = nl80211_close,
- .center_chan1 = nl80211_get_center_chan1,
- .center_chan2 = nl80211_get_center_chan2
+ .close = nl80211_close
};
- Improve iwinfo center channel struct position - Prevent read beyond buffer on malformed data Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> --- include/iwinfo.h | 4 ++-- iwinfo_nl80211.c | 22 +++++++++++++--------- 2 files changed, 15 insertions(+), 11 deletions(-)