EAP-GPSK: Avoid dead increment by checking pos pointer

Instead of using the pre-calculated length of the buffer, determine the
length of used data based on the pos pointer. This avoids a static
analyzer warning about dead increment.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/eap_common/eap_gpsk_common.c b/src/eap_common/eap_gpsk_common.c
index 7a33215f9b8943866da954762160fc1c2fb9d198..8c7ae27b933c2b28a75aedc364ddd8e54a4795e3 100644 (file)
--- a/src/eap_common/eap_gpsk_common.c
+++ b/src/eap_common/eap_gpsk_common.c
@@ -284,7 +284,6 @@ int eap_gpsk_derive_keys(const u8 *psk, size_t psk_len, int vendor,
                         u8 *pk, size_t *pk_len)
 {
        u8 *seed, *pos;
-       size_t seed_len;
        int ret;
 
        wpa_printf(MSG_DEBUG, "EAP-GPSK: Deriving keys (%d:%d)",
@@ -296,8 +295,7 @@ int eap_gpsk_derive_keys(const u8 *psk, size_t psk_len, int vendor,
        wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PSK", psk, psk_len);
 
        /* Seed = RAND_Peer || ID_Peer || RAND_Server || ID_Server */
-       seed_len = 2 * EAP_GPSK_RAND_LEN + id_server_len + id_peer_len;
-       seed = os_malloc(seed_len);
+       seed = os_malloc(2 * EAP_GPSK_RAND_LEN + id_server_len + id_peer_len);
        if (seed == NULL) {
                wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to allocate memory "
                           "for key derivation");
@@ -313,17 +311,18 @@ int eap_gpsk_derive_keys(const u8 *psk, size_t psk_len, int vendor,
        pos += EAP_GPSK_RAND_LEN;
        os_memcpy(pos, id_server, id_server_len);
        pos += id_server_len;
-       wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Seed", seed, seed_len);
+       wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Seed", seed, pos - seed);
 
        switch (specifier) {
        case EAP_GPSK_CIPHER_AES:
-               ret = eap_gpsk_derive_keys_aes(psk, psk_len, seed, seed_len,
+               ret = eap_gpsk_derive_keys_aes(psk, psk_len, seed, pos - seed,
                                               msk, emsk, sk, sk_len,
                                               pk, pk_len);
                break;
 #ifdef EAP_GPSK_SHA256
        case EAP_GPSK_CIPHER_SHA256:
-               ret = eap_gpsk_derive_keys_sha256(psk, psk_len, seed, seed_len,
+               ret = eap_gpsk_derive_keys_sha256(psk, psk_len, seed,
+                                                 pos - seed,
                                                  msk, emsk, sk, sk_len);
                break;
 #endif /* EAP_GPSK_SHA256 */
@@ -423,7 +422,6 @@ int eap_gpsk_derive_session_id(const u8 *psk, size_t psk_len, int vendor,
 {
        u8 *seed, *pos;
        u8 kdf_out[16];
-       size_t seed_len;
        int ret;
 
        wpa_printf(MSG_DEBUG, "EAP-GPSK: Deriving Session ID(%d:%d)",
@@ -441,8 +439,7 @@ int eap_gpsk_derive_session_id(const u8 *psk, size_t psk_len, int vendor,
         * Method-ID = GKDF-16 (zero, "Method ID" || EAP_Method_Type ||
         *                      CSuite_Sel || inputString)
         */
-       seed_len = 2 * EAP_GPSK_RAND_LEN + id_server_len + id_peer_len;
-       seed = os_malloc(seed_len);
+       seed = os_malloc(2 * EAP_GPSK_RAND_LEN + id_server_len + id_peer_len);
        if (seed == NULL) {
                wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to allocate memory "
                           "for Session-Id derivation");
@@ -458,11 +455,11 @@ int eap_gpsk_derive_session_id(const u8 *psk, size_t psk_len, int vendor,
        pos += EAP_GPSK_RAND_LEN;
        os_memcpy(pos, id_server, id_server_len);
        pos += id_server_len;
-       wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Seed", seed, seed_len);
+       wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Seed", seed, pos - seed);
 
        ret = eap_gpsk_derive_mid_helper(specifier,
                                         kdf_out, sizeof(kdf_out),
-                                        psk, seed, seed_len,
+                                        psk, seed, pos - seed,
                                         method_type);
 
        sid[0] = method_type;