From: Tobias Brunner Date: Mon, 15 Aug 2022 12:34:34 +0000 (+0200) Subject: eap-mschapv2: Fix compile warning/error when compiled with -Warray-bounds X-Git-Tag: 5.9.8dr1~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47fd5ab6b5d9751f4025af89c0892d3bfa84a0fe;p=thirdparty%2Fstrongswan.git eap-mschapv2: Fix compile warning/error when compiled with -Warray-bounds Since the allocated data was smaller than sizeof(eap_mschapv2_header_t), the following compile error was triggered (with newer GCC versions): eap_mschapv2.c: In function 'process_peer_success': eap_mschapv2.c:945:12: error: array subscript 'eap_mschapv2_header_t[0]' is partly outside array bounds of 'unsigned char[6]' [-Werror=array-bounds] 945 | eap->code = EAP_RESPONSE; | ^~ In file included from /usr/include/stdlib.h:587, from ../../../../src/libstrongswan/utils/printf_hook/printf_hook.h:26, from ../../../../src/libstrongswan/library.h:101, from ../../../../src/libcharon/sa/eap/eap_method.h:28, from eap_mschapv2.h:27, from eap_mschapv2.c:18: eap_mschapv2.c:944:15: note: object of size 6 allocated by '__builtin_alloca' 944 | eap = alloca(len); | ^~~~~~ Closes strongswan/strongswan#1188 Closes strongswan/strongswan#1215 --- diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c index 258b7f6d88..4e3b05da9a 100644 --- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c @@ -239,8 +239,8 @@ struct eap_mschapv2_response_t #define HEADER_LEN (sizeof(eap_mschapv2_header_t)) /** - * Length of the header for MS-CHAPv2 success/failure packets (does not include - * MS-CHAPv2-ID and MS-Length, i.e. 3 octets) + * Length of the header as used for MS-CHAPv2 success packets (does + * not include MS-CHAPv2-ID, MS-Length or any data, i.e. 3 octets) */ #define SHORT_HEADER_LEN (HEADER_LEN - 3) @@ -883,7 +883,6 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, chunk_t data, auth_string = chunk_empty; char *message, *token, *msg = NULL; int message_len; - uint16_t len = SHORT_HEADER_LEN; data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; @@ -941,14 +940,14 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, DBG1(DBG_IKE, "EAP-MS-CHAPv2 succeeded: '%s'", sanitize(msg)); - eap = alloca(len); + eap = alloca(HEADER_LEN); eap->code = EAP_RESPONSE; eap->identifier = this->identifier; - eap->length = htons(len); + eap->length = htons(SHORT_HEADER_LEN); eap->type = EAP_MSCHAPV2; eap->opcode = MSCHAPV2_SUCCESS; - *out = eap_payload_create_data(chunk_create((void*) eap, len)); + *out = eap_payload_create_data(chunk_create((void*)eap, SHORT_HEADER_LEN)); status = NEED_MORE; this->state = S_DONE;