EAP-IKEv2: Try to make transform parser simpler to understand

Use a local variable to try to make ikev2_parse_proposal() easier for
static analyzers to understand. Bounds checking in the loop is really
done by the ikev2_parse_transform() function, so the p->num_transforms
value itself is of no importance for that part and even that was already
implicitly limited in range.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/eap_peer/ikev2.c b/src/eap_peer/ikev2.c
index 7bd97b1b997ef95feb2ad0e5d3e7d6ce1fb9c213..c2e6c5df5e9e96c629bbd5e646c335387b6fa480 100644 (file)
--- a/src/eap_peer/ikev2.c
+++ b/src/eap_peer/ikev2.c
@@ -201,7 +201,8 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
                                const u8 *pos, const u8 *end)
 {
        const u8 *pend, *ppos;
-       int proposal_len, i;
+       int proposal_len;
+       unsigned int i, num;
        const struct ikev2_proposal *p;
 
        if (end - pos < (int) sizeof(*p)) {
@@ -269,12 +270,13 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
                return -1;
        }
 
-       if (p->num_transforms == 0) {
+       num = p->num_transforms;
+       if (num == 0 || num > 255) {
                wpa_printf(MSG_INFO, "IKEV2: At least one transform required");
                return -1;
        }
 
-       for (i = 0; i < (int) p->num_transforms; i++) {
+       for (i = 0; i < num; i++) {
                int tlen = ikev2_parse_transform(prop, ppos, pend);
                if (tlen < 0)
                        return -1;
@@ -411,7 +413,7 @@ static int ikev2_process_kei(struct ikev2_responder_data *data,
 
        wpa_hexdump_buf(MSG_DEBUG, "IKEV2: KEi Diffie-Hellman Public Value",
                        data->i_dh_public);
-       
+
        return 0;
 }