Interworking: Make bounds checking easier for static analyzers

'num * 5 > end - pos' handles bounds checking a bit more efficiently,
but apparently that is not clear enough for all static analyzers.
Replace with 'num > left / 5' to avoid false reports. (CID 68117)

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2014-12-06 18:51:23 +02:00
parent 7d04364104
commit d84416a2af


@ -508,20 +508,25 @@ static struct nai_realm * nai_realm_parse(struct wpabuf *anqp, u16 *count)
struct nai_realm *realm; struct nai_realm *realm;
const u8 *pos, *end; const u8 *pos, *end;
u16 i, num; u16 i, num;
size_t left;
if (anqp == NULL || wpabuf_len(anqp) < 2) if (anqp == NULL)
return NULL;
left = wpabuf_len(anqp);
if (left < 2)
return NULL; return NULL;
pos = wpabuf_head_u8(anqp); pos = wpabuf_head_u8(anqp);
end = pos + wpabuf_len(anqp); end = pos + left;
num = WPA_GET_LE16(pos); num = WPA_GET_LE16(pos);
wpa_printf(MSG_DEBUG, "NAI Realm Count: %u", num); wpa_printf(MSG_DEBUG, "NAI Realm Count: %u", num);
pos += 2; pos += 2;
left -= 2;
if (num * 5 > end - pos) { if (num > left / 5) {
wpa_printf(MSG_DEBUG, "Invalid NAI Realm Count %u - not " wpa_printf(MSG_DEBUG, "Invalid NAI Realm Count %u - not "
"enough data (%u octets) for that many realms", "enough data (%u octets) for that many realms",
num, (unsigned int) (end - pos)); num, (unsigned int) left);
return NULL; return NULL;
} }
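Review bot: The rewritten guard `if (num > left / 5)` has no comment saying what the 5 stands for or why the division form is used, so that reasoning lives only in the commit message. `num` is parsed from the ANQP payload with `WPA_GET_LE16(pos)`, which makes this comparison the only bound on that count visible in the hunk. I would add a comment above it such as `/* num comes from the ANQP payload; 5 is presumably the minimum octets per NAI Realm entry. Dividing keeps the check overflow-free by construction. */`, after confirming the 5 against the per-realm parser. Separately, `left` is adjusted only once (`left -= 2`) while `pos`/`end` are still maintained. The body of nai_realm_parse continues outside this hunk, so if it keeps advancing `pos`, `left` goes stale and should not be reused for later length checks.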