author Jouni Malinen <j@w1.fi> 2015-10-18 14:46:32 (GMT)
committer Jouni Malinen <j@w1.fi> 2015-10-25 13:34:59 (GMT)
commit de7fe64df5e3f90dd97767f835998bc1cbd8f56e (patch)
tree 9a857b215f966f9420bc654c10c649e58bbdbeed /src/radius
parent d2eb91e08f07120daac06137ce9679feb8e94412 (diff)
RADIUS: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with pos+len operations. end-pos is always defined (with a valid pos pointer) while pos+len could end up pointing beyond the end pointer which would be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/radius')
-rw-r--r-- src/radius/radius.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/radius/radius.c b/src/radius/radius.c
index bd2aadd..266b29f 100644
--- a/src/radius/radius.c
+++ b/src/radius/radius.c
@@ -704,7 +704,7 @@ struct radius_msg * radius_msg_parse(const u8 *data, size_t len)
attr = (struct radius_attr_hdr *) pos;
- if (pos + attr->length > end || attr->length < sizeof(*attr))
+ if (attr->length > end - pos || attr->length < sizeof(*attr))
goto fail;
/* TODO: check that attr->length is suitable for attr->type */
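Review bot: The reordered check `attr->length > end - pos` reads `attr->length` through the cast on the line above, and nothing in the visible context shows that at least `sizeof(*attr)` bytes remain between `pos` and `end` before that read, or that `pos <= end` holds on every iteration. Please confirm a guard on `end - pos` against `sizeof(*attr)` sits just above this context, or add one, so the header dereference is covered as well as the length comparison. Since `end - pos` is a signed `ptrdiff_t`, keeping this comparison signed is the safer form: a negative difference would still take the `goto fail` path, whereas casting it to an unsigned type would not. The remaining TODO about validating `attr->length` against `attr->type` is unchanged by this patch and would be worth tracking separately.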