diff options
author | Jouni Malinen <jouni@qca.qualcomm.com> | 2015-07-17 20:43:17 +0300 |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2015-07-17 20:43:17 +0300 |
commit | c7068f106f59a8783f5473746fc134b668673d29 (patch) | |
tree | 8db538ecbf84957a07f50300f52405e9cacb510d /src/wps | |
parent | 6462e7387d558fa4a95e98e61d5d5cd35a2d7690 (diff) | |
download | hostap-c7068f106f59a8783f5473746fc134b668673d29.tar.gz |
WPS: Avoid bogus static analyzer warning in ndef_parse_record()
Use a local variable and check the record payload length validity before
writing it into record->payload_length in hopes of getting rid of a
bogus static analyzer warning. The negative return value was sufficient
to avoid record->payload_length being used, but that seems to be too
complex for some analyzers. (CID 122668)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src/wps')
-rw-r--r-- | src/wps/ndef.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/wps/ndef.c b/src/wps/ndef.c index cc8f6e5cb..bb3c05548 100644 --- a/src/wps/ndef.c +++ b/src/wps/ndef.c @@ -45,12 +45,14 @@ static int ndef_parse_record(const u8 *data, u32 size, return -1; record->payload_length = *pos++; } else { + u32 len; + if (size < 6) return -1; - record->payload_length = WPA_GET_BE32(pos); - if (record->payload_length > size - 6 || - record->payload_length > 20000) + len = WPA_GET_BE32(pos); + if (len > size - 6 || len > 20000) return -1; + record->payload_length = len; pos += sizeof(u32); } |