jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

P2P: Make p2p_parse_p2p_ie() validation steps easier to analyze

Browse source 
Validation was fine, but a bit too complex for some static analyzers to
understand. (CID 68125)

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-11-23 18:51:16 +02:00
parent 46a0352589
commit 3e94937fa4
1 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
src/p2p/p2p_parse.c
View file

@ -309,23 +309,27 @@ int p2p_parse_p2p_ie(const struct wpabuf *buf, struct p2p_message *msg)
while (pos < end) { while (pos < end) {
u16 attr_len; u16 attr_len;
if (pos + 2 >= end) { u8 id;
if (end - pos < 3) {
wpa_printf(MSG_DEBUG, "P2P: Invalid P2P attribute"); wpa_printf(MSG_DEBUG, "P2P: Invalid P2P attribute");
return -1; return -1;
} }
attr_len = WPA_GET_LE16(pos + 1); id = *pos++;
attr_len = WPA_GET_LE16(pos);
pos += 2;
wpa_printf(MSG_DEBUG, "P2P: Attribute %d length %u", wpa_printf(MSG_DEBUG, "P2P: Attribute %d length %u",
pos[0], attr_len); id, attr_len);
if (pos + 3 + attr_len > end) { if (attr_len > end - pos) {
wpa_printf(MSG_DEBUG, "P2P: Attribute underflow " wpa_printf(MSG_DEBUG, "P2P: Attribute underflow "
"(len=%u left=%d)", "(len=%u left=%d)",
attr_len, (int) (end - pos - 3)); attr_len, (int) (end - pos));
wpa_hexdump(MSG_MSGDUMP, "P2P: Data", pos, end - pos); wpa_hexdump(MSG_MSGDUMP, "P2P: Data", pos, end - pos);
return -1; return -1;
} }
if (p2p_parse_attribute(pos[0], pos + 3, attr_len, msg)) if (p2p_parse_attribute(id, pos, attr_len, msg))
return -1; return -1;
pos += 3 + attr_len; pos += attr_len;
} }
return 0; return 0;