RADIUS: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with pos+len operations. end-pos is always defined (with a valid pos pointer) while pos+len could end up pointing beyond the end pointer which would be undefined behavior. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen
parent
d2eb91e08f
commit
de7fe64df5
1 changed files with 1 additions and 1 deletions
|
|
@ -704,7 +704,7 @@ struct radius_msg * radius_msg_parse(const u8 *data, size_t len)
|
|||
|
||||
attr = (struct radius_attr_hdr *) pos;
|
||||
|
||||
if (pos + attr->length > end || attr->length < sizeof(*attr))
|
||||
if (attr->length > end - pos || attr->length < sizeof(*attr))
|
||||
goto fail;
|
||||
|
||||
/* TODO: check that attr->length is suitable for attr->type */
|
||||
|
|
|
|||
Loading…
Reference in a new issue