DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

EAP-SAKA: Simplify attribute parser for static analyzers

Browse source 
Make bounds checking in eap_sake_parse_attributes() easier to analyze.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2022-05-08 16:53:38 +03:00
parent 6e8518749f
commit 2982e50c15
1 changed files with 13 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
src/eap_common/eap_sake_common.c
View file

@ -164,26 +164,33 @@ int eap_sake_parse_attributes(const u8 *buf, size_t len,
os_memset(attr, 0, sizeof(*attr)); os_memset(attr, 0, sizeof(*attr));
while (pos < end) { while (pos < end) {
u8 attr_id, attr_len;
if (end - pos < 2) { if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: Too short attribute"); wpa_printf(MSG_DEBUG, "EAP-SAKE: Too short attribute");
return -1; return -1;
} }
if (pos[1] < 2) { attr_id = *pos++;
wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid attribute " attr_len = *pos++;
"length (%d)", pos[1]); /* Attribute length value includes the Type and Length fields */
if (attr_len < 2) {
wpa_printf(MSG_DEBUG,
"EAP-SAKE: Invalid attribute length (%d)",
attr_len);
return -1; return -1;
} }
attr_len -= 2;
if (pos + pos[1] > end) { if (attr_len > end - pos) {
wpa_printf(MSG_DEBUG, "EAP-SAKE: Attribute underflow"); wpa_printf(MSG_DEBUG, "EAP-SAKE: Attribute underflow");
return -1; return -1;
} }
if (eap_sake_parse_add_attr(attr, pos[0], pos[1] - 2, pos + 2)) if (eap_sake_parse_add_attr(attr, attr_id, attr_len, pos))
return -1; return -1;
pos += pos[1]; pos += attr_len;
} }
return 0; return 0;