EAP-IKEv2: Make proposal_len validation clearer

Some static analyzers seem to have issues understanding "pos + proposal_len > end" style validation, so convert this to "proposal_len > end - pos" to make this more obvious to be bounds checking for proposal_len. (CID 62874) Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 20:39:52 +02:00 · 2014-11-23 20:39:52 +02:00 · d36f416926
commit d36f416926
parent c4de71cec5
1 changed files with 1 additions and 1 deletions
--- a/src/eap_peer/ikev2.c
+++ b/src/eap_peer/ikev2.c
@ -213,7 +213,7 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,

 	p = (const struct ikev2_proposal *) pos;
 	proposal_len = WPA_GET_BE16(p->proposal_length);
-	if (proposal_len < (int) sizeof(*p) || pos + proposal_len > end) {
+	if (proposal_len < (int) sizeof(*p) || proposal_len > end - pos) {
 		wpa_printf(MSG_INFO, "IKEV2: Invalid proposal length %d",
 			   proposal_len);
 		return -1;