wlantest: Avoid heap-overflow on unexpected data

We're doing a sort of bounds check, based on the previous loop, but only
after we've already tried to read off the end.

This squashes some ASAN errors I'm seeing when running the ap_ft hwsim
test module.

Signed-off-by: Brian Norris <briannorris@chromium.org>

diff --git a/wlantest/rx_eapol.c b/wlantest/rx_eapol.c
index d75ed92ba73dab002b741c84888fa95fcad4ec2f..44388fdda4e064fb91128c5c9540a52ec64448d6 100644 (file)
--- a/wlantest/rx_eapol.c
+++ b/wlantest/rx_eapol.c
@@ -722,8 +722,8 @@ static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
                        }
                        p += 2 + p[1];
                }
-               if (p && p > decrypted && *p == 0xdd &&
-                   p + 1 == decrypted + decrypted_len) {
+               if (p && p > decrypted && p + 1 == decrypted + decrypted_len &&
+                   *p == 0xdd) {
                        /* Remove padding */
                        p--;
                        plain_len = p - decrypted;