Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 00:38:24 -05:00
Code Issues Projects Releases Wiki Activity

HS 2.0: More explicit hs20_osu_icon_fetch() length validation

Browse Source 
The previous version was fine, but too much for some static analyzers to
understand as proper bounds checking. (CID 68122)

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-11-23 18:55:06 +02:00
parent 3e94937fa4
commit 5c58c0ce86
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
wpa_supplicant/hs20_supplicant.c
View File

@ -778,7 +778,7 @@ void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s)
num_providers--; num_providers--;
len = WPA_GET_LE16(pos); len = WPA_GET_LE16(pos);
pos += 2; pos += 2;
if (pos + len > end) if (len > (unsigned int) (end - pos))
break; break;
hs20_osu_add_prov(wpa_s, bss, osu_ssid, hs20_osu_add_prov(wpa_s, bss, osu_ssid,
osu_ssid_len, pos, len); osu_ssid_len, pos, len);