TLS client: Make DH parameter parsing easier for static analyzers
The dh_p_len, dh_g_len, and dh_ys_len parameters were validated against the received message structure, but apparently not in a way that some static analyzers could understand (CID 72699). Signed-off-by: Jouni Malinen <j@w1.fi>
parent
92b5b371b6
commit
e7b96ecdb3
1 changed files with 3 additions and 3 deletions
|
@ -451,7 +451,7 @@ static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
|
||||||
server_params = pos;
|
server_params = pos;
|
||||||
conn->dh_p_len = WPA_GET_BE16(pos);
|
conn->dh_p_len = WPA_GET_BE16(pos);
|
||||||
pos += 2;
|
pos += 2;
|
||||||
if (conn->dh_p_len == 0 || end - pos < (int) conn->dh_p_len) {
|
if (conn->dh_p_len == 0 || conn->dh_p_len > (size_t) (end - pos)) {
|
||||||
wpa_printf(MSG_DEBUG, "TLSv1: Invalid dh_p length %lu",
|
wpa_printf(MSG_DEBUG, "TLSv1: Invalid dh_p length %lu",
|
||||||
(unsigned long) conn->dh_p_len);
|
(unsigned long) conn->dh_p_len);
|
||||||
goto fail;
|
goto fail;
|
||||||
|
@ -476,7 +476,7 @@ static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
|
||||||
goto fail;
|
goto fail;
|
||||||
conn->dh_g_len = WPA_GET_BE16(pos);
|
conn->dh_g_len = WPA_GET_BE16(pos);
|
||||||
pos += 2;
|
pos += 2;
|
||||||
if (conn->dh_g_len == 0 || end - pos < (int) conn->dh_g_len)
|
if (conn->dh_g_len == 0 || conn->dh_g_len > (size_t) (end - pos))
|
||||||
goto fail;
|
goto fail;
|
||||||
conn->dh_g = os_malloc(conn->dh_g_len);
|
conn->dh_g = os_malloc(conn->dh_g_len);
|
||||||
if (conn->dh_g == NULL)
|
if (conn->dh_g == NULL)
|
||||||
|
@ -492,7 +492,7 @@ static int tlsv1_process_diffie_hellman(struct tlsv1_client *conn,
|
||||||
goto fail;
|
goto fail;
|
||||||
conn->dh_ys_len = WPA_GET_BE16(pos);
|
conn->dh_ys_len = WPA_GET_BE16(pos);
|
||||||
pos += 2;
|
pos += 2;
|
||||||
if (conn->dh_ys_len == 0 || end - pos < (int) conn->dh_ys_len)
|
if (conn->dh_ys_len == 0 || conn->dh_ys_len > (size_t) (end - pos))
|
||||||
goto fail;
|
goto fail;
|
||||||
conn->dh_ys = os_malloc(conn->dh_ys_len);
|
conn->dh_ys = os_malloc(conn->dh_ys_len);
|
||||||
if (conn->dh_ys == NULL)
|
if (conn->dh_ys == NULL)
|
||||||
|
|
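Review bot: The rewritten bounds checks, e.g. `conn->dh_p_len > (size_t) (end - pos)`, are only sound while `pos <= end`. A negative `end - pos` would convert to a very large size_t and the length would be accepted, whereas the earlier signed comparison rejected that case. In the dh_g and dh_ys hunks a `goto fail` precedes the `WPA_GET_BE16(pos)` read, which is presumably the remaining-octets guard, but for dh_p that guard lies outside the hunk and should be confirmed there. I would state the invariant above each check, for example `/* pos <= end is guaranteed by the length check above, so the size_t cast cannot wrap */`. The body of tlsv1_process_diffie_hellman starts and ends outside the visible hunks.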