check value to quiet coverity
authorAlan T. DeKok <aland@freeradius.org>
Mon, 11 Nov 2024 21:18:50 +0000 (16:18 -0500)
committerAlan T. DeKok <aland@freeradius.org>
Tue, 12 Nov 2024 12:28:13 +0000 (07:28 -0500)
the dbuff code ensures that we don't loop over too much data, but
Coverity doesn't know that.

src/lib/util/cbor.c

index 8337915d0463781403d680cf6dd2fc97f0e0ca56..8eba200ab77f853e58caf07d5d3e8ded8d478f0a 100644 (file)
@@ -1152,6 +1152,10 @@ ssize_t fr_cbor_decode_value_box(TALLOC_CTX *ctx, fr_value_box_t *vb, fr_dbuff_t
                        indefinite = false;
                }
 
+#ifdef STATIC_ANALYZER
+               if (value > fr_dbuff_remaining(&work_dbuff)) return -1;
+#endif
+
                /*
                 *      Loop until we decode everything.  For simplicity, we handle indefinite and definite
                 *      length arrays in the same loop.
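Review bot: The new bound on `value` is compiled only under `STATIC_ANALYZER`, so normal builds still enter the loop with what appears to be an input-derived length and rely entirely on the dbuff running out. If `value` is an element count, every encoded element occupies at least one byte, so a count larger than `fr_dbuff_remaining(&work_dbuff)` can never be valid. The check could therefore be made unconditional by dropping the `#ifdef STATIC_ANALYZER` / `#endif` pair here and in the identical hunk in fr_cbor_decode_pair, which rejects a malformed length before any per-element work is done. A comment such as `/* each element needs at least one byte, so a larger count is malformed */` would record why comparing a count against a byte length is sound. The assignment of `value` and the indefinite-length branch are outside the hunk, so confirm the comparison is also harmless when `indefinite` is true.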
@@ -1514,6 +1518,10 @@ ssize_t fr_cbor_decode_pair(TALLOC_CTX *ctx, fr_pair_list_t *out, fr_dbuff_t *db
                indefinite = false;
        }
 
+#ifdef STATIC_ANALYZER
+       if (value > fr_dbuff_remaining(&work_dbuff)) return -1;
+#endif
+
        /*
         *      Loop until we decode everything.  For simplicity, we handle indefinite and definite
         *      length arrays in the same loop.
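Review bot: The added `return -1;` fails without any diagnostic, so a caller or operator cannot tell a length overrun from any other decode failure. The function's other error paths are outside the hunk; if they set an error string before returning, this one should match them, for example `fr_strerror_const("CBOR length exceeds remaining data");` ahead of the return. If the function's convention is to return a negative offset rather than a fixed -1, the return value should follow that as well; the same applies to the first hunk in fr_cbor_decode_value_box.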