jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

WPS: Avoid undefined behavior in pointer arithmetic

Browse source 
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-10-18 01:42:03 +03:00
parent bf0ec17a51
commit 625745c297
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/wps/wps_attr_parse.c
View file

@ -83,10 +83,10 @@ static int wps_parse_vendor_ext_wfa(struct wps_parse_attr *attr, const u8 *pos,
const u8 *end = pos + len; const u8 *end = pos + len;
u8 id, elen; u8 id, elen;
while (pos + 2 <= end) { while (end - pos >= 2) {
id = *pos++; id = *pos++;
elen = *pos++; elen = *pos++;
if (pos + elen > end) if (elen > end - pos)
break; break;
if (wps_set_vendor_ext_wfa_subelem(attr, id, elen, pos) < 0) if (wps_set_vendor_ext_wfa_subelem(attr, id, elen, pos) < 0)
return -1; return -1;