EAP-IKEv2: Try to make transform parser simpler to understand

Use a local variable to try to make ikev2_parse_proposal() easier for
static analyzers to understand. Bounds checking in the loop is really
done by the ikev2_parse_transform() function, so the p->num_transforms
value itself is of no importance for that part and even that was already
implicitly limited in range.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2020-11-03 20:11:17 +02:00 committed by Jouni Malinen
parent ec0d99c00e
commit c42d41bf35

View File

@ -201,7 +201,8 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
const u8 *pos, const u8 *end)
{
const u8 *pend, *ppos;
int proposal_len, i;
int proposal_len;
unsigned int i, num;
const struct ikev2_proposal *p;
if (end - pos < (int) sizeof(*p)) {
@ -269,12 +270,13 @@ static int ikev2_parse_proposal(struct ikev2_proposal_data *prop,
return -1;
}
if (p->num_transforms == 0) {
num = p->num_transforms;
if (num == 0 || num > 255) {
wpa_printf(MSG_INFO, "IKEV2: At least one transform required");
return -1;
}
for (i = 0; i < (int) p->num_transforms; i++) {
for (i = 0; i < num; i++) {
int tlen = ikev2_parse_transform(prop, ppos, pend);
if (tlen < 0)
return -1;