EAP-IKEv2: Make proposal_len validation clearer
authorJouni Malinen <j@w1.fi>
Sun, 23 Nov 2014 18:39:52 +0000 (20:39 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 23 Nov 2014 19:03:40 +0000 (21:03 +0200)
Some static analyzers seem to have issues understanding "pos +
proposal_len > end" style validation, so convert this to "proposal_len >
end - pos" to make this more obvious to be bounds checking for
proposal_len. (CID 62874)

Signed-off-by: Jouni Malinen <j@w1.fi>
src/eap_peer/ikev2.c

index 8186afb53e299d05263aa524832fd9ea2f86e732..e6a173ec14394755231bd0776ad46e464d72354f 100644 (file)
@@ -213,7 +213,7 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
 
        p = (const struct ikev2_proposal *) pos;
        proposal_len = WPA_GET_BE16(p->proposal_length);
-       if (proposal_len < (int) sizeof(*p) || pos + proposal_len > end) {
+       if (proposal_len < (int) sizeof(*p) || proposal_len > end - pos) {
                wpa_printf(MSG_INFO, "IKEV2: Invalid proposal length %d",
                           proposal_len);
                return -1;
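Review bot: The new bound `proposal_len > end - pos` should carry a one-line comment explaining why it is written as a subtraction, because the commit message presents it only as a static-analyzer aid. With an attacker-supplied 16-bit length, the old `pos + proposal_len` could form a pointer beyond the end of the buffer, which is undefined behaviour in C, so the subtraction form is the safer idiom and should not be changed back. Something like `/* compare against bytes remaining; never form pos + len past end */` above the `if` would record that. Separately, the read of `p->proposal_length` at the top of the hunk is only safe if an earlier check guarantees that at least `sizeof(*p)` bytes remain before `end`. `ikev2_parse_proposal` starts and continues outside the hunk, so that guard is not visible here and is worth confirming.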