aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_peer/eap_fast_pac.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2015-10-18 08:18:12 (GMT)
committerJouni Malinen <j@w1.fi>2015-10-24 18:43:54 (GMT)
commit72bb05a0333f76135a079eee844c71eff740a6ed (patch)
tree988cd61e3acbbf813334a45504a62e49de2e8f79 /src/eap_peer/eap_fast_pac.c
parented5e3a5888965969f19590561716d073045716a5 (diff)
downloadhostap-72bb05a0333f76135a079eee844c71eff740a6ed.zip
hostap-72bb05a0333f76135a079eee844c71eff740a6ed.tar.gz
hostap-72bb05a0333f76135a079eee844c71eff740a6ed.tar.bz2
EAP-FAST peer: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with pos+len operations. end-pos is always defined (with a valid pos pointer) while pos+len could end up pointing beyond the end pointer which would be undefined behavior. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_peer/eap_fast_pac.c')
-rw-r--r--src/eap_peer/eap_fast_pac.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/eap_peer/eap_fast_pac.c b/src/eap_peer/eap_fast_pac.c
index 89e604e..c0986b3 100644
--- a/src/eap_peer/eap_fast_pac.c
+++ b/src/eap_peer/eap_fast_pac.c
@@ -709,7 +709,7 @@ static void eap_fast_pac_get_a_id(struct eap_fast_pac *pac)
pos = pac->pac_info;
end = pos + pac->pac_info_len;
- while (pos + 4 < end) {
+ while (end - pos > 4) {
type = WPA_GET_BE16(pos);
pos += 2;
len = WPA_GET_BE16(pos);