From 68fffafea5fc91b80adc967f94f7c227aea4b795 Mon Sep 17 00:00:00 2001
From: NĂ©lio Laranjeiro
Date: Fri, 4 Nov 2011 12:07:24 +0100
Subject: cesar/interface/sniffer: bad addr was given to the lib function, closes #2824

bsu_beacon_write_bitstream_initialised_no_nid need the pointer to the beginning of the bitstream.
---
 cesar/bsu/beacon/src/beacon.c | 3 ++-
 cesar/bsu/beacon/test/utest/src/beacon.c | 4 ++--
 cesar/interface/sniffer/src/sniffer.c | 3 +--
 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'cesar')
diff --git a/cesar/bsu/beacon/src/beacon.c b/cesar/bsu/beacon/src/beacon.c
index 67ebf18342..57ffcc9966 100644
--- a/cesar/bsu/beacon/src/beacon.c
+++ b/cesar/bsu/beacon/src/beacon.c
@@ -922,7 +922,8 @@ bsu_beacon_read (pb_beacon_t *pbbeacon, bsu_beacon_t *beacon)
 for (nbe = 0; ok && nbe < beacon->bmis.nbe; nbe++)
 {
 ok = bsu_beacon_read_bmi_header (&stream, &header, &length)
- && header >= header_prev;
+ && header >= header_prev
+ && length;
 if (ok)
 {
 switch (header)
diff --git a/cesar/bsu/beacon/test/utest/src/beacon.c b/cesar/bsu/beacon/test/utest/src/beacon.c
index 35c36c39ff..ebf5bd0e09 100644
--- a/cesar/bsu/beacon/test/utest/src/beacon.c
+++ b/cesar/bsu/beacon/test/utest/src/beacon.c
@@ -260,9 +260,9 @@ test_case_beacon_bmi_vendor_bentry (test_t test)
 /* Add a vendor specific bentry after all the other ones */
 bitstream_direct_write (phy_beacon->data, 8*90 + 72, BSU_BEACON_ENTRY_HEADER_VENDOR, 8);
- /* Set a null size for the vendor bentry */
+ /* Set a non null size for the vendor bentry */
 bitstream_direct_write (phy_beacon->data, 8*90 + 80,
- 0, 8);
+ 5, 8);
 memset (&beacon, 0, sizeof (bsu_beacon_t));
 returned = bsu_beacon_read (phy_beacon, &beacon);
 test_fail_unless (returned == true);
diff --git a/cesar/interface/sniffer/src/sniffer.c b/cesar/interface/sniffer/src/sniffer.c
index faae0fc84f..ce7afc47ae 100644
--- a/cesar/interface/sniffer/src/sniffer.c
+++ b/cesar/interface/sniffer/src/sniffer.c
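Review bot: In cesar/bsu/beacon/src/beacon.c, the new `&& length` term in the bsu_beacon_read loop makes a zero-length beacon entry fail the whole read, but neither a comment nor the commit message (which only mentions the sniffer) says why. Since this parses a received beacon, I would spell it `&& length != 0` and add a comment such as `/* Reject zero-length entries: treat the beacon as malformed. */`. The hunk only shows a lower bound on `length`; whether it is also checked against the bits remaining in the stream would be in bsu_beacon_read_bmi_header or in the switch body, both outside this hunk, and is worth confirming. The loop body continues past the end of the hunk.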
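Review bot: In cesar/bsu/beacon/test/utest/src/beacon.c, test_case_beacon_bmi_vendor_bentry used to cover a zero-size vendor entry and now uses size 5, so the rejection path added to bsu_beacon_read in this same commit has no test. Keep this positive case and add a negative one that writes the size back to zero, `bitstream_direct_write (phy_beacon->data, 8*90 + 80, 0, 8);`, and asserts `test_fail_unless (returned == false);` after the read. Whether a 5-byte entry at this offset still fits inside the test beacon's payload is not visible in the hunk and should be checked. The test function starts and ends outside the hunk.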
@@ -163,9 +163,8 @@ interface_sniffer_copy_beacon (
 bitstream_write (&bitstream, INTERFACE_SNIFFER_TYPE_BEACON, 8);
 /* 0 for TX, 1 for RX. */
 bitstream_write (&bitstream, !tx, 8);
- u8 *data = buffer + bitstream_written_bits (&bitstream) / 8;
 bitstream_write_large (&bitstream, beacon->vf.nid, 54);
- bsu_beacon_write_bitstream_initialised_no_nid (beacon, &bitstream, data);
+ bsu_beacon_write_bitstream_initialised_no_nid (beacon, &bitstream, buffer);
 bitstream_finalise (&bitstream);
 word[0] = BF_FILL (IPMBOX_REG, (MSG_TYPE, HLE_MSG_TYPE_INTERFACE),
--
cgit v1.2.3
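Review bot: The call to bsu_beacon_write_bitstream_initialised_no_nid in interface_sniffer_copy_beacon has no comment stating what its third argument must be, which is the contract the removed `data` pointer broke. A line such as `/* Third argument is the start of the bitstream buffer, not the current write position. */` above the call would keep the offset arithmetic from being reintroduced. The size of `buffer` and any check of it against the beacon length are set up before the hunk, so they cannot be verified here. The function body starts and ends outside the hunk.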