EAP-IKEv2: Make proposal_len validation clearer

Some static analyzers seem to have issues understanding "pos +
proposal_len > end" style validation, so convert this to "proposal_len >
end - pos" to make this more obvious to be bounds checking for
proposal_len. (CID 62874)

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-11-23 20:39:52 +02:00
parent c4de71cec5
commit d36f416926

View file

@ -213,7 +213,7 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
p = (const struct ikev2_proposal *) pos; p = (const struct ikev2_proposal *) pos;
proposal_len = WPA_GET_BE16(p->proposal_length); proposal_len = WPA_GET_BE16(p->proposal_length);
if (proposal_len < (int) sizeof(*p) || pos + proposal_len > end) { if (proposal_len < (int) sizeof(*p) || proposal_len > end - pos) {
wpa_printf(MSG_INFO, "IKEV2: Invalid proposal length %d", wpa_printf(MSG_INFO, "IKEV2: Invalid proposal length %d",
proposal_len); proposal_len);
return -1; return -1;