From: Jouni Malinen <j@w1.fi>
Date: Sun, 9 Feb 2025 16:20:31 +0000 (+0200)
Subject: EAP-pwd: Make code easier for static analyzers
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6fe367d6c4790d5c96ca4bf5148200b85d6b66ab;p=thirdparty%2Fhostap.git

EAP-pwd: Make code easier for static analyzers

resultbytelen cannot be 0 when resultbitlen != 0 and as such,
result[resultbytelen - 1] here cannot point to invalid index. However,
this is apparently too complex for static analyzers, so make this more
obvious to avoid false positives.

Signed-off-by: Jouni Malinen <j@w1.fi>
---

diff --git a/src/eap_common/eap_pwd_common.c b/src/eap_common/eap_pwd_common.c
index ff8ad8d72..fa7ecd01e 100644
--- a/src/eap_common/eap_pwd_common.c
+++ b/src/eap_common/eap_pwd_common.c
@@ -76,7 +76,7 @@ static int eap_pwd_kdf(const u8 *key, size_t keylen, const u8 *label,
 	}
 
 	/* since we're expanding to a bit length, mask off the excess */
-	if (resultbitlen % 8) {
+	if (resultbytelen > 0 && (resultbitlen % 8)) {
 		u8 mask = 0xff;
 		mask <<= (8 - (resultbitlen % 8));
 		result[resultbytelen - 1] &= mask;