From 7fc89a381c25f4806ff25c7115b242119bfd2401 Mon Sep 17 00:00:00 2001 From: Matteo Cypriani Date: Wed, 18 Jan 2012 10:55:07 +0100 Subject: [PATCH] [Listener] Check radiotap header length From time to time, the length of the radiotap header (rtap_bytes in read_packet()) is 65535. This is a quick & dirty fix to avoid segfaults, but we should search for the reason why this value sometimes appears. --- owlps-listener/owlps-listenerd.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/owlps-listener/owlps-listenerd.c b/owlps-listener/owlps-listenerd.c index 7d74a99..3bfff5b 100644 --- a/owlps-listener/owlps-listenerd.c +++ b/owlps-listener/owlps-listenerd.c @@ -855,6 +855,9 @@ void read_packet(u_char *args, const struct pcap_pkthdr *header, memcpy(&rtap_bytes, &packet[2], sizeof(rtap_bytes)) ; // Radiotap header is little-endian rtap_bytes = le16toh(rtap_bytes) ; + // Check rtap_bytes for buggy values + if (rtap_bytes > 100) + return ; // After the rtap header, there is the 802.11 header; the first byte // is the first byte of the Frame Control (FC) field, which contains
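Review bot: the bound in `if (rtap_bytes > 100)` is an arbitrary magic number tied neither to the radiotap format nor to the size of the captured frame, so it can still admit an out-of-range length (any value between the real captured length and 100 when `header->caplen` is small) and can reject legitimate long radiotap headers. Validate against the data actually available instead, e.g. `if (rtap_bytes < 8 || rtap_bytes > header->caplen) return ;` (a radiotap header is at least 8 bytes: version, pad, it_len and the first it_present word, and nothing past `caplen` may be read), and guard the preceding `memcpy(&rtap_bytes, &packet[2], sizeof(rtap_bytes))` with a `header->caplen >= 4` check for the same reason. Since the commit message says the origin of the 65535 value is still unknown, log or count the dropped packets rather than returning silently, so the anomaly stays visible while the root cause is investigated; a named constant and a comment stating why the limit exists would also help if a fixed upper bound is kept.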