Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

EAP-IKEv2: Make proposal_len validation clearer

Some static analyzers seem to have issues understanding "pos +
proposal_len > end" style validation, so convert this to "proposal_len >
end - pos" to make this more obvious to be bounds checking for
proposal_len. (CID 62874)

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
c4de71cec5
commit
d36f416926
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      src/eap_peer/ikev2.c

+ 1 - 1
src/eap_peer/ikev2.c
View File 

@@ -213,7 +213,7 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
 
 
 	p = (const struct ikev2_proposal *) pos;
 
 	proposal_len = WPA_GET_BE16(p->proposal_length);
 
-	if (proposal_len < (int) sizeof(*p) || pos + proposal_len > end) {
 
+	if (proposal_len < (int) sizeof(*p) || proposal_len > end - pos) {
 
 		wpa_printf(MSG_INFO, "IKEV2: Invalid proposal length %d",
 
 			   proposal_len);
 
 		return -1;