aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/hs20_supplicant.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2014-11-23 16:55:06 (GMT)
committerJouni Malinen <j@w1.fi>2014-11-23 19:03:40 (GMT)
commit5c58c0ce86d7f81d456c0ab675adb47e42fd0bdb (patch)
tree0643431b63ecffb9240fee74f8e703fa328e2781 /wpa_supplicant/hs20_supplicant.c
parent3e94937fa4d1fc95bfa6b85b41e7dbda03e25a6d (diff)
downloadhostap-5c58c0ce86d7f81d456c0ab675adb47e42fd0bdb.zip
hostap-5c58c0ce86d7f81d456c0ab675adb47e42fd0bdb.tar.gz
hostap-5c58c0ce86d7f81d456c0ab675adb47e42fd0bdb.tar.bz2
HS 2.0: More explicit hs20_osu_icon_fetch() length validation
The previous version was fine, but too much for some static analyzers to understand as proper bounds checking. (CID 68122) Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant/hs20_supplicant.c')
-rw-r--r--wpa_supplicant/hs20_supplicant.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/wpa_supplicant/hs20_supplicant.c b/wpa_supplicant/hs20_supplicant.c
index 257aa6d..a36e7cf 100644
--- a/wpa_supplicant/hs20_supplicant.c
+++ b/wpa_supplicant/hs20_supplicant.c
@@ -778,7 +778,7 @@ void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s)
num_providers--;
len = WPA_GET_LE16(pos);
pos += 2;
- if (pos + len > end)
+ if (len > (unsigned int) (end - pos))
break;
hs20_osu_add_prov(wpa_s, bss, osu_ssid,
osu_ssid_len, pos, len);