Fix length checks for WPA and RSN IEs

author Marcel Holtmann <marcel@holtmann.org>

Tue, 29 Dec 2009 22:15:51 +0000 (14:15 -0800)

committer Marcel Holtmann <marcel@holtmann.org>

Tue, 29 Dec 2009 22:15:51 +0000 (14:15 -0800)
author Marcel Holtmann <marcel@holtmann.org>
Tue, 29 Dec 2009 22:15:51 +0000 (14:15 -0800)
committer Marcel Holtmann <marcel@holtmann.org>
Tue, 29 Dec 2009 22:15:51 +0000 (14:15 -0800)
diff --git a/plugins/supplicant.c b/plugins/supplicant.c

index 469e861..8ae4b67 100644 (file)
--- a/plugins/supplicant.c
+++ b/plugins/supplicant.c
@@ -1332,7 +1332,7 @@ static void extract_wpaie(DBusMessageIter *value,
         dbus_message_iter_recurse(value, &array);
         dbus_message_iter_get_fixed_array(&array, &ie, &ie_len);
  
-       if (ie_len > 0) {
+       if (ie_len > 6) {
                 result->has_wpa = TRUE;
                 extract_rsn(result, ie + 6, ie_len - 6);
         }
@@ -1348,7 +1348,7 @@ static void extract_rsnie(DBusMessageIter *value,
         dbus_message_iter_recurse(value, &array);
         dbus_message_iter_get_fixed_array(&array, &ie, &ie_len);
  
-       if (ie_len > 0) {
+       if (ie_len > 2) {
                 result->has_rsn = TRUE;
                 extract_rsn(result, ie + 2, ie_len - 2);
         }
author	Marcel Holtmann <marcel@holtmann.org>
	Tue, 29 Dec 2009 22:15:51 +0000 (14:15 -0800)
committer	Marcel Holtmann <marcel@holtmann.org>
	Tue, 29 Dec 2009 22:15:51 +0000 (14:15 -0800)