EAP-IKEv2: Try to make transform parser simpler to understand

Use a local variable to try to make ikev2_parse_proposal() easier for
static analyzers to understand. Bounds checking in the loop is really
done by the ikev2_parse_transform() function, so the p->num_transforms
value itself is of no importance for that part and even that was already
implicitly limited in range.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-11-03 20:11:17 +02:00 committed by Jouni Malinen
parent ec0d99c00e
commit c42d41bf35

View file

@ -201,7 +201,8 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
const u8 *pos, const u8 *end) const u8 *pos, const u8 *end)
{ {
const u8 *pend, *ppos; const u8 *pend, *ppos;
int proposal_len, i; int proposal_len;
unsigned int i, num;
const struct ikev2_proposal *p; const struct ikev2_proposal *p;
if (end - pos < (int) sizeof(*p)) { if (end - pos < (int) sizeof(*p)) {
@ -269,12 +270,13 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
return -1; return -1;
} }
if (p->num_transforms == 0) { num = p->num_transforms;
if (num == 0 || num > 255) {
wpa_printf(MSG_INFO, "IKEV2: At least one transform required"); wpa_printf(MSG_INFO, "IKEV2: At least one transform required");
return -1; return -1;
} }
for (i = 0; i < (int) p->num_transforms; i++) { for (i = 0; i < num; i++) {
int tlen = ikev2_parse_transform(prop, ppos, pend); int tlen = ikev2_parse_transform(prop, ppos, pend);
if (tlen < 0) if (tlen < 0)
return -1; return -1;
@ -411,7 +413,7 @@ static int ikev2_process_kei(struct ikev2_responder_data *data,
wpa_hexdump_buf(MSG_DEBUG, "IKEV2: KEi Diffie-Hellman Public Value", wpa_hexdump_buf(MSG_DEBUG, "IKEV2: KEi Diffie-Hellman Public Value",
data->i_dh_public); data->i_dh_public);
return 0; return 0;
} }