EAP-IKEv2: Try to make transform parser simpler to understand
Use a local variable to try to make ikev2_parse_proposal() easier for static analyzers to understand. Bounds checking in the loop is really done by the ikev2_parse_transform() function, so the p->num_transforms value itself is of no importance for that part and even that was already implicitly limited in range. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
ec0d99c00e
commit
c42d41bf35
1 changed files with 6 additions and 4 deletions
|
@ -201,7 +201,8 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
|
||||||
const u8 *pos, const u8 *end)
|
const u8 *pos, const u8 *end)
|
||||||
{
|
{
|
||||||
const u8 *pend, *ppos;
|
const u8 *pend, *ppos;
|
||||||
int proposal_len, i;
|
int proposal_len;
|
||||||
|
unsigned int i, num;
|
||||||
const struct ikev2_proposal *p;
|
const struct ikev2_proposal *p;
|
||||||
|
|
||||||
if (end - pos < (int) sizeof(*p)) {
|
if (end - pos < (int) sizeof(*p)) {
|
||||||
|
@ -269,12 +270,13 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (p->num_transforms == 0) {
|
num = p->num_transforms;
|
||||||
|
if (num == 0 || num > 255) {
|
||||||
wpa_printf(MSG_INFO, "IKEV2: At least one transform required");
|
wpa_printf(MSG_INFO, "IKEV2: At least one transform required");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < (int) p->num_transforms; i++) {
|
for (i = 0; i < num; i++) {
|
||||||
int tlen = ikev2_parse_transform(prop, ppos, pend);
|
int tlen = ikev2_parse_transform(prop, ppos, pend);
|
||||||
if (tlen < 0)
|
if (tlen < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -411,7 +413,7 @@ static int ikev2_process_kei(struct ikev2_responder_data *data,
|
||||||
|
|
||||||
wpa_hexdump_buf(MSG_DEBUG, "IKEV2: KEi Diffie-Hellman Public Value",
|
wpa_hexdump_buf(MSG_DEBUG, "IKEV2: KEi Diffie-Hellman Public Value",
|
||||||
data->i_dh_public);
|
data->i_dh_public);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue