]> git.ipfire.org Git - thirdparty/hostap.git/commitdiff
projects / thirdparty / hostap.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3e94937)
HS 2.0: More explicit hs20_osu_icon_fetch() length validation
authorJouni Malinen <j@w1.fi>
Sun, 23 Nov 2014 16:55:06 +0000 (18:55 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 23 Nov 2014 19:03:40 +0000 (21:03 +0200)
The previous version was fine, but too much for some static analyzers to
understand as proper bounds checking. (CID 68122)

Signed-off-by: Jouni Malinen <j@w1.fi>
wpa_supplicant/hs20_supplicant.c patch | blob | blame | history

diff --git a/wpa_supplicant/hs20_supplicant.c b/wpa_supplicant/hs20_supplicant.c
index 257aa6d113d9c7766279c127ceccc858ea9ef6b2..a36e7cfc7c91229758a0b45b20c9716a5e46a921 100644 (file)
--- a/wpa_supplicant/hs20_supplicant.c
+++ b/wpa_supplicant/hs20_supplicant.c
@@ -778,7 +778,7 @@ void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s)
                        num_providers--;
                        len = WPA_GET_LE16(pos);
                        pos += 2;
-                       if (pos + len > end)
+                       if (len > (unsigned int) (end - pos))
                                break;
                        hs20_osu_add_prov(wpa_s, bss, osu_ssid,
                                          osu_ssid_len, pos, len);
Unnamed repository; edit this file 'description' to name the repository.