authorJouni Malinen <j@w1.fi>2014-06-18 14:14:59 (GMT)
committerJouni Malinen <j@w1.fi>2014-06-18 14:14:59 (GMT)
commit4075e2fe77927f4e845e7319c726bf406d574627 (patch)
tree9b2992cd1ebef76ee03e49cd0848e1fc4707fe34 /src/eap_peer/eap_gpsk.c
parent2dbc959699c9180f0923a5926079d823115025f0 (diff)
EAP-GPSK: Clean up CSuite_List length validation (CID 62854)
Use a local variable and size_t in length comparison to make this easier for static analyzers to understand. In addition, set the return list and list_len values at the end of the function, i.e., only in success case. These do not change the actual behavior of the only caller for this function, but clarify what the helper function is doing. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_peer/eap_gpsk.c')
-rw-r--r--src/eap_peer/eap_gpsk.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/src/eap_peer/eap_gpsk.c b/src/eap_peer/eap_gpsk.c
index 5b023c7..3c9cbf4 100644
--- a/src/eap_peer/eap_gpsk.c
+++ b/src/eap_peer/eap_gpsk.c
@@ -236,6 +236,8 @@ static const u8 * eap_gpsk_process_csuite_list(struct eap_sm *sm,
size_t *list_len,
const u8 *pos, const u8 *end)
{
+ size_t len;
+
if (pos == NULL)
return NULL;
@@ -243,23 +245,25 @@ static const u8 * eap_gpsk_process_csuite_list(struct eap_sm *sm,
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short GPSK-1 packet");
return NULL;
}
- *list_len = WPA_GET_BE16(pos);
+ len = WPA_GET_BE16(pos);
pos += 2;
- if (end - pos < (int) *list_len) {
+ if (len > (size_t) (end - pos)) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_List overflow");
return NULL;
}
- if (*list_len == 0 || (*list_len % sizeof(struct eap_gpsk_csuite))) {
+ if (len == 0 || (len % sizeof(struct eap_gpsk_csuite))) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid CSuite_List len %lu",
- (unsigned long) *list_len);
+ (unsigned long) len);
return NULL;
}
- *list = pos;
- pos += *list_len;
- if (eap_gpsk_select_csuite(sm, data, *list, *list_len) < 0)
+ if (eap_gpsk_select_csuite(sm, data, pos, len) < 0)
return NULL;
+ *list = pos;
+ *list_len = len;
+ pos += len;
+
return pos;
}
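Review bot: The cast in `if (len > (size_t) (end - pos))` is only sound while `end - pos` is non-negative; a negative difference would convert to a very large size_t and let an oversized CSuite_List length through the bounds check. That invariant presumably comes from the "Too short GPSK-1 packet" check, whose condition sits between the two hunks and is not visible here. A comment at the comparison would keep the dependency from being lost in a later refactor, e.g. `/* end - pos >= 0 here: the length-field check above ensured 2 octets were present */`. Since `*list` and `*list_len` are now written only on the success path, the function's header comment should also state that both outputs are left untouched when NULL is returned, so a future caller does not read them after a failure.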