eap-mschapv2: Fix compile warning/error when compiled with -Warray-bounds

Since the allocated data was smaller than sizeof(eap_mschapv2_header_t),
the following compile error was triggered (with newer GCC versions):

eap_mschapv2.c: In function 'process_peer_success':
eap_mschapv2.c:945:12: error: array subscript 'eap_mschapv2_header_t[0]' is partly outside array bounds of 'unsigned char[6]' [-Werror=array-bounds]
  945 |         eap->code = EAP_RESPONSE;
      |            ^~
In file included from /usr/include/stdlib.h:587,
                 from ../../../../src/libstrongswan/utils/printf_hook/printf_hook.h:26,
                 from ../../../../src/libstrongswan/library.h:101,
                 from ../../../../src/libcharon/sa/eap/eap_method.h:28,
                 from eap_mschapv2.h:27,
                 from eap_mschapv2.c:18:
eap_mschapv2.c:944:15: note: object of size 6 allocated by '__builtin_alloca'
  944 |         eap = alloca(len);
      |               ^~~~~~

Closes strongswan/strongswan#1188
Closes strongswan/strongswan#1215

diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index 258b7f6d88ba714334dc669d421d426c8118174b..4e3b05da9a95e30005e840b2578895da559c7c5a 100644 (file)
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -239,8 +239,8 @@ struct eap_mschapv2_response_t
 #define HEADER_LEN (sizeof(eap_mschapv2_header_t))
 
 /**
- * Length of the header for MS-CHAPv2 success/failure packets (does not include
- * MS-CHAPv2-ID and MS-Length, i.e. 3 octets)
+ * Length of the header as used for MS-CHAPv2 success packets (does
+ * not include MS-CHAPv2-ID, MS-Length or any data, i.e. 3 octets)
  */
 #define SHORT_HEADER_LEN (HEADER_LEN - 3)
 
@@ -883,7 +883,6 @@ static status_t process_peer_success(private_eap_mschapv2_t *this,
        chunk_t data, auth_string = chunk_empty;
        char *message, *token, *msg = NULL;
        int message_len;
-       uint16_t len = SHORT_HEADER_LEN;
 
        data = in->get_data(in);
        eap = (eap_mschapv2_header_t*)data.ptr;
@@ -941,14 +940,14 @@ static status_t process_peer_success(private_eap_mschapv2_t *this,
 
        DBG1(DBG_IKE, "EAP-MS-CHAPv2 succeeded: '%s'", sanitize(msg));
 
-       eap = alloca(len);
+       eap = alloca(HEADER_LEN);
        eap->code = EAP_RESPONSE;
        eap->identifier = this->identifier;
-       eap->length = htons(len);
+       eap->length = htons(SHORT_HEADER_LEN);
        eap->type = EAP_MSCHAPV2;
        eap->opcode = MSCHAPV2_SUCCESS;
 
-       *out = eap_payload_create_data(chunk_create((void*) eap, len));
+       *out = eap_payload_create_data(chunk_create((void*)eap, SHORT_HEADER_LEN));
        status = NEED_MORE;
        this->state = S_DONE;