From: James Jones Date: Wed, 7 Sep 2022 20:28:09 +0000 (-0500) Subject: Annotate false positive tainted_data (CID #1243443) (#4717) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c6a6334ce9d96471dca4b04ca3cf1ae2f7a76cc0;p=thirdparty%2Ffreeradius-server.git Annotate false positive tainted_data (CID #1243443) (#4717) Coverity doesn't realize that eap_validation(), which is called before eap_identity(), range checks the length. --- diff --git a/src/lib/eap/session.c b/src/lib/eap/session.c index 68751f88276..9aeba055f9f 100644 --- a/src/lib/eap/session.c +++ b/src/lib/eap/session.c @@ -273,6 +273,7 @@ static char *eap_identity(request_t *request, eap_session_t *eap_session, eap_pa * If the length is 5, then a buffer with a length of 1 is * created with a \0 byte. */ + /* coverity[tainted_data] */ return talloc_bstrndup(eap_session, (char *)&eap_packet->data[1], len - 5); }
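Review bot: The `/* coverity[tainted_data] */` annotation placed above the `return talloc_bstrndup(...)` line suppresses the finding without recording in the source why it is safe. The justification, that eap_validation() is called before eap_identity() and range checks the length, appears only in the commit message. A later reader of session.c, or anyone adding another call path into eap_identity(), has nothing next to `len - 5` that ties it to that earlier check. Suggest extending the annotation comment to name eap_validation() as the place where the length is bounded. Also consider a local guard or assertion on `len` before the subtraction, so the invariant is enforced where it is relied on rather than by call order alone.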