Coverity is not correctly doing the calculations inside the loop to
realise that block_len is safely limited to protect against out of
bounds access to tpasswd.
block_len = encrypted_len - n;
if (block_len > AUTH_PASS_LEN) block_len = AUTH_PASS_LEN;
+#ifdef __COVERITY__
+ /*
+ * Coverity is not doing the calculations correctly - it doesn't see
+ * that setting block_len = encrypted_len - n puts a safe boundary
+ * on block_len so the access to tpasswd won't overflow.
+ */
+ if ((block_len + 2 + n) > RADIUS_MAX_STRING_LENGTH) {
+ block_len = RADIUS_MAX_STRING_LENGTH - n - 3;
+ }
+#endif
for (i = 0; i < block_len; i++) tpasswd[i + 2 + n] ^= digest[i];
}
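Review bot: The clamp inside the `#ifdef __COVERITY__` block does not match its own condition: the test accepts `block_len + 2 + n` up to `RADIUS_MAX_STRING_LENGTH`, but the assignment subtracts 3 rather than 2, and if these variables are unsigned and `n` is within three of the limit the subtraction would wrap to a very large length instead of bounding it. Because the guard is compiled only for analysis builds, the code Coverity checks differs from what ships, so a later regression in how `encrypted_len` is bounded would be hidden from the scanner while release builds have no check at all. If the invariant really holds, I would state it unconditionally before the loop, for example `if (n + 2 + block_len > RADIUS_MAX_STRING_LENGTH) return -1;` or the project's assertion macro, and have the comment name the place where `encrypted_len` is limited. The types of `n` and `block_len`, the size of `tpasswd` and the enclosing function's return type are outside the hunk, so the exact form needs checking against them.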