From c42d41bf35cb205388adc0736e332057562f6f4b Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Tue, 3 Nov 2020 20:11:17 +0200
Subject: [PATCH] EAP-IKEv2: Try to make transform parser simpler to understand

Use a local variable to try to make ikev2_parse_proposal() easier for static analyzers to understand. Bounds checking in the loop is really done by the ikev2_parse_transform() function, so the p->num_transforms value itself is of no importance for that part and even that was already implicitly limited in range.

Signed-off-by: Jouni Malinen
---
 src/eap_peer/ikev2.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/eap_peer/ikev2.c b/src/eap_peer/ikev2.c
index 7bd97b1b9..c2e6c5df5 100644
--- a/src/eap_peer/ikev2.c
+++ b/src/eap_peer/ikev2.c
@@ -201,7 +201,8 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
 const u8 *pos, const u8 *end)
 {
 const u8 *pend, *ppos;
- int proposal_len, i;
+ int proposal_len;
+ unsigned int i, num;
 const struct ikev2_proposal *p;

 if (end - pos < (int) sizeof(*p)) {
@@ -269,12 +270,13 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
 return -1;
 }

- if (p->num_transforms == 0) {
+ num = p->num_transforms;
+ if (num == 0 || num > 255) {
 wpa_printf(MSG_INFO, "IKEV2: At least one transform required");
 return -1;
 }

- for (i = 0; i < (int) p->num_transforms; i++) {
+ for (i = 0; i < num; i++) {
 int tlen = ikev2_parse_transform(prop, ppos, pend);
 if (tlen < 0)
 return -1;
@@ -411,7 +413,7 @@ static int ikev2_process_kei(struct ikev2_responder_data *data,

 wpa_hexdump_buf(MSG_DEBUG, "IKEV2: KEi Diffie-Hellman Public Value",
 data->i_dh_public);
-
+
 return 0;
 }
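Review bot: The new `num > 255` arm in ikev2_parse_proposal() reuses the log text "IKEV2: At least one transform required", which describes only the zero case, and nothing in the code says why the upper bound exists. The declaration of num_transforms is outside this hunk; if it is a single-octet field, as the commit message's "already implicitly limited in range" suggests, the arm can never be taken and a later reader may mistake it for the real length check. I would add a comment above the test, `/* Upper bound only helps static analyzers; each transform is bounds-checked against pend in ikev2_parse_transform() */`, and word the message to cover both cases, e.g. `"IKEV2: Invalid number of transforms"`. The loop body continues past the end of the hunk, so how ppos advances by tlen is not visible here.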