wlantest: Avoid heap-overflow on unexpected data

We're doing a sort of bounds check, based on the previous loop, but only after we've already tried to read off the end. This squashes some ASAN errors I'm seeing when running the ap_ft hwsim test module. Signed-off-by: Brian Norris <briannorris@chromium.org>
2020-08-19 12:44:46 -07:00 · 2020-08-19 12:44:46 -07:00 · 22c06de911
commit 22c06de911
parent 2caff11d7a
1 changed files with 2 additions and 2 deletions
--- a/wlantest/rx_eapol.c
+++ b/wlantest/rx_eapol.c
@ -722,8 +722,8 @@ static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
 			}
 			p += 2 + p[1];
 		}
-		if (p && p > decrypted && *p == 0xdd &&
-		    p + 1 == decrypted + decrypted_len) {
+		if (p && p > decrypted && p + 1 == decrypted + decrypted_len &&
+		    *p == 0xdd) {
 			/* Remove padding */
 			p--;
 			plain_len = p - decrypted;