Attachment #180244 for bug #217312

View | Details | Raw Unified | Return to bug 217312
Collapse All | Expand All

Lines 2997-3002 Link Here

(-)ifieee80211.c (+8 lines)
2997	uint16_t tlv_type = BE_READ_2(ie);	2997	uint16_t tlv_type = BE_READ_2(ie);
2998	uint16_t tlv_len = BE_READ_2(ie + 2);	2998	uint16_t tlv_len = BE_READ_2(ie + 2);
2999		2999
		3000	/* some devices broadcast invalid WPS frames */
		3001	if (tlv_len > len) {
		3002	printf("bad frame length tlv_type=0x%02x "
		3003	"tlv_len=%d len=%d", tlv_type, tlv_len,
		3004	len);
		3005	break;
		3006	}
		3007
3000	ie += 4, len -= 4;	3008	ie += 4, len -= 4;
3001		3009
3002	switch (tlv_type) {	3010	switch (tlv_type) {

Return to bug 217312