Re: tcpdump: decode 802.11 QoS frames correctly

2016-01-31 Thread Mark Kettenis
> Date: Sun, 31 Jan 2016 20:57:29 +0100
> From: Stefan Sperling
>
> On Sun, Jan 31, 2016 at 03:14:46PM +0100, Mark Kettenis wrote:
> > I think you should add a TCHECK somewhere at the top for the qos frame
> > size otherwise this might look beyond the end of the buffer for
> >

Re: tcpdump: decode 802.11 QoS frames correctly

2016-01-31 Thread Stefan Sperling
On Sun, Jan 31, 2016 at 03:14:46PM +0100, Mark Kettenis wrote:
> I think you should add a TCHECK somewhere at the top for the qos frame
> size otherwise this might look beyond the end of the buffer for
> specially crafted frames.

Oh yes, indeed.

Index: print-802_11.c

tcpdump: decode 802.11 QoS frames correctly

2016-01-31 Thread Stefan Sperling
This matters for frames which arrived in A-MPDUs.

Before:

12:35:07.726898 802.11: QoS data: 00:1e:52:f1:80:55 sap 00 > 58:94:6b:06:70:04 sap 06 I (s=85,r=85,C) len=82

After:

12:49:08.879003 802.11: QoS data: 10.197.84.33 > 10.0.1.3: icmp: echo reply

Index: print-802_11.c

Re: tcpdump: decode 802.11 QoS frames correctly

2016-01-31 Thread Mark Kettenis
> Date: Sun, 31 Jan 2016 13:36:17 +0100
> From: Stefan Sperling
>
> On Sun, Jan 31, 2016 at 12:53:09PM +0100, Stefan Sperling wrote:
> > This matters for frames which arrived in A-MPDUs.
> >
> > Before:
> >
> > 12:35:07.726898 802.11: QoS data: 00:1e:52:f1:80:55 sap 00 >
> >