From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 16 Jun 2022 16:18:26 +0000 (+0200)
Subject: fips-prf: Add explicit bound check to avoid GCC 12 compile warning
X-Git-Tag: 5.9.7dr2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c198bf22bd96abe8ee91de6f49ea2feab0d7a12;p=thirdparty%2Fstrongswan.git

fips-prf: Add explicit bound check to avoid GCC 12 compile warning

GCC assumes this->b is zero (or may be zero) and spits out the following
warning (or error with -Werror):

src/libstrongswan/plugins/fips_prf/fips_prf.c:124:12: error: array subscript 18446744073709551615 is above array bounds of ‘uint8_t[<U8090>]’ {aka ‘unsigned char[<U8090>]’} [-Werror=array-bounds]
  124 |         one[this->b - 1] = 0x01;
      |         ~~~^~~~~~~~~~~~~
---

diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c
index a51cfe105f..3acec596e2 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c
@@ -114,9 +114,9 @@ METHOD(prf_t, get_bytes, bool,
 	uint8_t *xkey = this->key;
 	uint8_t one[this->b];
 
-	if (!w)
+	if (!w || !this->b)
 	{
-		/* append mode is not supported */
+		/* append mode is not supported, the other check is to make GCC happy */
 		return FALSE;
 	}