From: James Jones <jejones3141@gmail.com>
Date: Tue, 23 Aug 2022 15:25:15 +0000 (-0500)
Subject: Annotate tainted data (CID #1455247) (#4686)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2e818e2ebf89b94b06f0565e1dabbbf4375d4f0b;p=thirdparty%2Ffreeradius-server.git

Annotate tainted data (CID #1455247) (#4686)

data, not *data, controls the loop in fr_radius_decode(). The packet
length is checked against byte-swapped data from the packet, but
discrepancies are errors, so it's not set to a tainted value.
---

diff --git a/src/protocols/radius/decode.c b/src/protocols/radius/decode.c
index 7ecfdc016fc..4f4114de0db 100644
--- a/src/protocols/radius/decode.c
+++ b/src/protocols/radius/decode.c
@@ -2077,6 +2077,7 @@ static ssize_t fr_radius_decode_proto(TALLOC_CTX *ctx, fr_pair_list_t *out,
 	memcpy(original + 4, test_ctx->vector, sizeof(test_ctx->vector));
 	test_ctx->end = data + packet_len;
 
+	/* coverity[tainted_data] */
 	return fr_radius_decode(ctx, out, data, packet_len, original,
 				test_ctx->secret, talloc_array_length(test_ctx->secret) - 1);
 }