WPS: Check NDEF record length fields separately

Try to make the bounds checking easier for static analyzers by checking
each length field separately in addition to checking them all in the end
against the total buffer length.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2022-11-20 12:08:47 +02:00
parent cd0e8653a2
commit 30403e9657

View file

@ -63,12 +63,18 @@ static int ndef_parse_record(const u8 *data, u32 size,
} else
record->id_length = 0;
if (record->type_length > data + size - pos)
return -1;
record->type = record->type_length == 0 ? NULL : pos;
pos += record->type_length;
if (record->id_length > data + size - pos)
return -1;
record->id = record->id_length == 0 ? NULL : pos;
pos += record->id_length;
if (record->payload_length > (size_t) (data + size - pos))
return -1;
record->payload = record->payload_length == 0 ? NULL : pos;
pos += record->payload_length;