Make GTK length validation easier to analyze
Bounds checking for gd->gtk_len in wpa_supplicant_check_group_cipher() was apparently too complex for some static analyzers. Use a local variable and a more explicit validation step to avoid a false report. (CID 62864) Signed-off-by: Jouni Malinen <j@w1.fi>
parent
369d07afc1
commit
c397eff828
1 changed files with 6 additions and 3 deletions
|
@ -1276,8 +1276,9 @@ static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
|
||||||
u16 ver, struct wpa_gtk_data *gd)
|
u16 ver, struct wpa_gtk_data *gd)
|
||||||
{
|
{
|
||||||
size_t maxkeylen;
|
size_t maxkeylen;
|
||||||
|
u16 gtk_len;
|
||||||
|
|
||||||
gd->gtk_len = WPA_GET_BE16(key->key_length);
|
gtk_len = WPA_GET_BE16(key->key_length);
|
||||||
maxkeylen = key_data_len;
|
maxkeylen = key_data_len;
|
||||||
if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
|
if (ver == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
|
||||||
if (maxkeylen < 8) {
|
if (maxkeylen < 8) {
|
||||||
|
@ -1289,11 +1290,13 @@ static int wpa_supplicant_process_1_of_2_wpa(struct wpa_sm *sm,
|
||||||
maxkeylen -= 8;
|
maxkeylen -= 8;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
|
if (gtk_len > maxkeylen ||
|
||||||
gd->gtk_len, maxkeylen,
|
wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
|
||||||
|
gtk_len, maxkeylen,
|
||||||
&gd->key_rsc_len, &gd->alg))
|
&gd->key_rsc_len, &gd->alg))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
gd->gtk_len = gtk_len;
|
||||||
gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
|
gd->keyidx = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
|
||||||
WPA_KEY_INFO_KEY_INDEX_SHIFT;
|
WPA_KEY_INFO_KEY_INDEX_SHIFT;
|
||||||
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
|
if (ver == WPA_KEY_INFO_TYPE_HMAC_MD5_RC4) {
|
||||||
|
|
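Review bot: The explicit check added in the second hunk, `if (gtk_len > maxkeylen ||`, bounds the frame-supplied length only by the amount of received key data, not by the size of the key buffer in `struct wpa_gtk_data` that presumably receives the key later in this function. That destination bound still rests entirely on wpa_supplicant_check_group_cipher(), whose body is not shown here, so for the later copy the invariant stays as implicit as it was before the change. I would either add it to the same condition, e.g. `if (gtk_len > maxkeylen || gtk_len > sizeof(gd->gtk) ||` (assuming the buffer is `gd->gtk`), or state the dependency in a comment such as `/* gtk_len is taken from the received frame; check_group_cipher() must also reject lengths that do not fit the GTK buffer */`. Storing `gd->gtk_len` only after validation is the right order and deserves a one-line comment, `/* store only the validated length; later code uses it as a copy size */`, so a refactor does not move the store back above the check. The function's signature begins before the first hunk and its body continues past the second, so the later uses of `gd->gtk_len` could not be checked from this page.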