jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Make radius_msg_add_attr_user_password() easier for static analyzers

Browse source 
Explicitly validate data_len so that static analyzers do not get
confused about the padlen validation. This is not really needed, but it
makes the code a bit easier for static analyzers.

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2011-11-13 23:14:57 +02:00
parent a9ea17491a
commit 16cc7a4304
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/radius/radius.c
View file

@ -1090,8 +1090,7 @@ radius_msg_add_attr_user_password(struct radius_msg *msg,
const u8 *secret, size_t secret_len)
{
u8 buf[128];
int padlen, i;
size_t buf_len, pos;
size_t padlen, i, buf_len, pos;
const u8 *addr[2];
size_t len[2];
u8 hash[16];
@ -1103,7 +1102,7 @@ radius_msg_add_attr_user_password(struct radius_msg *msg,
buf_len = data_len;
padlen = data_len % 16;
if (padlen) {
if (padlen && data_len < sizeof(buf)) {
padlen = 16 - padlen;
os_memset(buf + data_len, 0, padlen);
buf_len += padlen;