For some reason, "pos + len > end" is not clear enough, but "len > end -
pos" is recognized. Use that to get rid of a false positive from a
static analyzer (CID 72697).

Signed-off-by: Jouni Malinen <j@w1.fi>
dh_yc_len = WPA_GET_BE16(pos);
dh_yc = pos + 2;
- if (dh_yc + dh_yc_len > end) {
+ if (dh_yc_len > end - dh_yc) {
tlsv1_server_log(conn, "Client public value overflow (length %d)",
dh_yc_len);
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
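Review bot: the new comparison `dh_yc_len > end - dh_yc` is only sound if `dh_yc <= end`, and nothing in the visible context shows that at least two bytes remain at `pos` before `WPA_GET_BE16(pos)` and `dh_yc = pos + 2` are evaluated. If that length check exists above the hunk, fine; if not, add one (for example `if (end - pos < 2)`) ahead of the read, because a negative `end - dh_yc` would be converted to a very large value if `dh_yc_len` has an unsigned type as wide as `size_t`, and the check would then pass. The declaration of `dh_yc_len` is not in the hunk, so its type is worth confirming, and the `%d` in the log line should match it. Separately, the commit message describes this purely as silencing a false positive, but the removed form `dh_yc + dh_yc_len > end` forms a pointer that can lie more than one element past the end of the buffer, which is undefined behaviour in C, so the subtraction form is the more robust check in its own right and the message could say so.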