Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

P2P NFC: Make code easier for static analyzers

len + pos > end comparison here did verify that the length field had a
valid value, but that did not seem to enough to avoid TAINTED_SCALAR
warning. Re-order that validation step to be equivalent "len > end -
pos" to remove these false positives (CID 68116).

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
6c9f74deaf
commit
c061ae590a
1 changed files with 2 additions and 2 deletions
Split View Show Diff Stats
  1. 2 2
      wpa_supplicant/p2p_supplicant.c

+ 2 - 2
wpa_supplicant/p2p_supplicant.c
View File 

@@ -7602,7 +7602,7 @@ static int wpas_p2p_nfc_connection_handover(struct wpa_supplicant *wpa_s,
 
 	}
 
 	len = WPA_GET_BE16(pos);
 
 	pos += 2;
 
-	if (pos + len > end) {
 
+	if (len > end - pos) {
 
 		wpa_printf(MSG_DEBUG, "P2P: Not enough data for WSC "
 
 			   "attributes");
 
 		return -1;
 
@@ -7618,7 +7618,7 @@ static int wpas_p2p_nfc_connection_handover(struct wpa_supplicant *wpa_s,
 
 	}
 
 	len = WPA_GET_BE16(pos);
 
 	pos += 2;
 
-	if (pos + len > end) {
 
+	if (len > end - pos) {
 
 		wpa_printf(MSG_DEBUG, "P2P: Not enough data for P2P "
 
 			   "attributes");
 
 		return -1;