From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Fri, 17 Jul 2015 17:43:17 +0000 (+0300)
Subject: WPS: Avoid bogus static analyzer warning in ndef_parse_record()
X-Git-Tag: hostap_2_5~376
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c7068f106f59a8783f5473746fc134b668673d29;p=thirdparty%2Fhostap.git

WPS: Avoid bogus static analyzer warning in ndef_parse_record()

Use a local variable and check the record payload length validity before
writing it into record->payload_length in hopes of getting rid of a
bogus static analyzer warning. The negative return value was sufficient
to avoid record->payload_length being used, but that seems to be too
complex for some analyzers. (CID 122668)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/wps/ndef.c b/src/wps/ndef.c
index cc8f6e5cb..bb3c05548 100644
--- a/src/wps/ndef.c
+++ b/src/wps/ndef.c
@@ -45,12 +45,14 @@ static int ndef_parse_record(const u8 *data, u32 size,
 			return -1;
 		record->payload_length = *pos++;
 	} else {
+		u32 len;
+
 		if (size < 6)
 			return -1;
-		record->payload_length = WPA_GET_BE32(pos);
-		if (record->payload_length > size - 6 ||
-		    record->payload_length > 20000)
+		len = WPA_GET_BE32(pos);
+		if (len > size - 6 || len > 20000)
 			return -1;
+		record->payload_length = len;
 		pos += sizeof(u32);
 	}