From: Jouni Malinen Date: Sun, 23 Nov 2014 18:36:17 +0000 (+0200) Subject: EAP-FAST: Make PAC file A_ID parser easier to analyze X-Git-Tag: hostap_2_4~1041 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c4de71cec539f3d28fa9a6b2a0cf6a0345b3d8b9;p=thirdparty%2Fhostap.git EAP-FAST: Make PAC file A_ID parser easier to analyze Some static analyzers seem to have issues with "pos + len > end" validation (CID 62875), so convert this to "len > end - pos" to make it more obvious that len is validated against its bounds. Signed-off-by: Jouni Malinen --- diff --git a/src/eap_peer/eap_fast_pac.c b/src/eap_peer/eap_fast_pac.c index 377080f83..32da82ce8 100644 --- a/src/eap_peer/eap_fast_pac.c +++ b/src/eap_peer/eap_fast_pac.c @@ -714,7 +714,7 @@ static void eap_fast_pac_get_a_id(struct eap_fast_pac *pac) pos += 2; len = WPA_GET_BE16(pos); pos += 2; - if (pos + len > end) + if (len > (unsigned int) (end - pos)) break; if (type == PAC_TYPE_A_ID) {
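Review bot: In the new check `if (len > (unsigned int) (end - pos))`, the cast is only correct when `pos <= end` at that point, and the two `pos += 2` steps just above advance `pos` by four bytes before the comparison. The loop condition is outside the visible context, so it is worth confirming that it guarantees at least four bytes remain for the type and length fields. If `pos` could pass `end`, `end - pos` would be negative and the cast would turn it into a large unsigned value that no 16-bit `len` exceeds, so the `break` would never trigger. Should the loop guard not already cover this, an explicit remaining-length test such as `if (end - pos < 4) break;` before reading the header would close the gap, and a short comment noting that `pos <= end` holds here would let the cast read as obviously safe to both reviewers and analyzers.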