mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-25 00:38:24 -05:00
HS 2.0: More explicit hs20_osu_icon_fetch() length validation
The previous version was fine, but too much for some static analyzers to understand as proper bounds checking. (CID 68122) Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
3e94937fa4
commit
5c58c0ce86
@ -778,7 +778,7 @@ void hs20_osu_icon_fetch(struct wpa_supplicant *wpa_s)
|
||||
num_providers--;
|
||||
len = WPA_GET_LE16(pos);
|
||||
pos += 2;
|
||||
if (pos + len > end)
|
||||
if (len > (unsigned int) (end - pos))
|
||||
break;
|
||||
hs20_osu_add_prov(wpa_s, bss, osu_ssid,
|
||||
osu_ssid_len, pos, len);
|
||||
|
Loading…
Reference in New Issue
Block a user