aboutsummaryrefslogtreecommitdiffstats
path: root/src/utils
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2015-10-18 15:51:59 (GMT)
committerJouni Malinen <j@w1.fi>2015-10-25 13:35:00 (GMT)
commit40762fcede7f6f100fd41e0e2a78804051e1e581 (patch)
treeefa32a3de9abf67b8c99dc45168f7a2a45acdeac /src/utils
parent80c620dbd7fc580f36a30a092493e9ea5cf7bb04 (diff)
downloadhostap-40762fcede7f6f100fd41e0e2a78804051e1e581.zip
hostap-40762fcede7f6f100fd41e0e2a78804051e1e581.tar.gz
hostap-40762fcede7f6f100fd41e0e2a78804051e1e581.tar.bz2
PCSC: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with pos+len operations. end-pos is always defined (with a valid pos pointer) while pos+len could end up pointing beyond the end pointer which would be undefined behavior. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/utils')
-rw-r--r--src/utils/pcsc_funcs.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/utils/pcsc_funcs.c b/src/utils/pcsc_funcs.c
index 6f5ea93..2f1157b 100644
--- a/src/utils/pcsc_funcs.c
+++ b/src/utils/pcsc_funcs.c
@@ -275,7 +275,7 @@ static int scard_parse_fsp_templ(unsigned char *buf, size_t buf_len,
pos++;
if (pos >= end)
return -1;
- if ((pos + pos[0]) < end)
+ if (pos[0] < end - pos)
end = pos + 1 + pos[0];
pos++;
wpa_hexdump(MSG_DEBUG, "SCARD: file header FSP template",
@@ -1385,7 +1385,7 @@ int scard_umts_auth(struct scard_data *scard, const unsigned char *_rand,
end = buf + len;
/* RES */
- if (pos[0] > RES_MAX_LEN || pos + pos[0] > end) {
+ if (pos[0] > RES_MAX_LEN || pos[0] > end - pos) {
wpa_printf(MSG_DEBUG, "SCARD: Invalid RES");
return -1;
}
@@ -1395,7 +1395,7 @@ int scard_umts_auth(struct scard_data *scard, const unsigned char *_rand,
wpa_hexdump(MSG_DEBUG, "SCARD: RES", res, *res_len);
/* CK */
- if (pos[0] != CK_LEN || pos + CK_LEN > end) {
+ if (pos[0] != CK_LEN || CK_LEN > end - pos) {
wpa_printf(MSG_DEBUG, "SCARD: Invalid CK");
return -1;
}
@@ -1405,7 +1405,7 @@ int scard_umts_auth(struct scard_data *scard, const unsigned char *_rand,
wpa_hexdump(MSG_DEBUG, "SCARD: CK", ck, CK_LEN);
/* IK */
- if (pos[0] != IK_LEN || pos + IK_LEN > end) {
+ if (pos[0] != IK_LEN || IK_LEN > end - pos) {
wpa_printf(MSG_DEBUG, "SCARD: Invalid IK");
return -1;
}