]> git.ipfire.org Git - thirdparty/hostap.git/commitdiff
EAP-TEAP: Check session_id length explicitly to avoid warnings
authorJouni Malinen <j@w1.fi>
Sun, 23 Feb 2025 15:00:09 +0000 (17:00 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 23 Feb 2025 15:00:09 +0000 (17:00 +0200)
Some static analyzers might expect tls_get_tls_unique() to be able to
return arbitrarily large values and warn about integer overflow here.
Avoid such incorrect warnings with an explicit check.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/eap_peer/eap_teap.c

index 8ce7cb7e9149be06641c62969db71569125d1943..b9c1ece31fcb26250e653eb5a1b040429fe7b216 100644 (file)
@@ -666,7 +666,7 @@ static int eap_teap_session_id(struct eap_teap_data *data)
        data->session_id[0] = EAP_TYPE_TEAP;
        res = tls_get_tls_unique(data->ssl.conn, data->session_id + 1,
                                 max_id_len - 1);
-       if (res < 0) {
+       if (res < 0 || (size_t) res >= max_id_len) {
                os_free(data->session_id);
                data->session_id = NULL;
                wpa_printf(MSG_ERROR, "EAP-TEAP: Failed to derive Session-Id");