TLS: Reorder length bounds checking to avoid static analyzer warning
For some reason, "pos + len > end" is not clear enough, but "len > end - pos" is recognized. Use that to get rid of a false positive from a static analyzer (CID 72697).

Signed-off-by: Jouni Malinen <j@w1.fi>
parent 41f480005f
commit 7d04364104
1 changed files with 1 additions and 1 deletions
|
@ -626,7 +626,7 @@ static int tls_process_client_key_exchange_dh(
|
|||
dh_yc_len = WPA_GET_BE16(pos);
|
||||
dh_yc = pos + 2;
|
||||
|
||||
if (dh_yc + dh_yc_len > end) {
|
||||
if (dh_yc_len > end - dh_yc) {
|
||||
tlsv1_server_log(conn, "Client public value overflow (length %d)",
|
||||
dh_yc_len);
|
||||
tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
|
||||
|
|
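Review bot: The rewritten test `if (dh_yc_len > end - dh_yc)` is only sound when `dh_yc <= end`, and the visible context reads `WPA_GET_BE16(pos)` and sets `dh_yc = pos + 2` without showing a check that two bytes remain before `end`. Please confirm that a guard such as `end - pos < 2` sits above this hunk, or add one. Without it, `end - dh_yc` can be negative, and the outcome of the comparison then depends on whether `dh_yc_len` is a signed or unsigned type, which is not visible here. Separately, the commit message could note that the subtraction form is also the safer idiom in its own right: the old `dh_yc + dh_yc_len > end` computes a pointer that may lie past the end of the buffer before comparing, whereas the new form only compares the length against the space remaining.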