Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2025-01-31 01:04:03 -05:00
Code Issues Projects Releases Wiki Activity

WPS: Avoid bogus static analyzer warning in ndef_parse_record()

Browse Source 
Use a local variable and check the record payload length validity before
writing it into record->payload_length in hopes of getting rid of a
bogus static analyzer warning. The negative return value was sufficient
to avoid record->payload_length being used, but that seems to be too
complex for some analyzers. (CID 122668)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2015-07-17 20:43:17 +03:00 committed by Jouni Malinen
parent 6462e7387d
commit c7068f106f
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/wps/ndef.c
View File

@ -45,12 +45,14 @@ static int ndef_parse_record(const u8 *data, u32 size,
return -1; return -1;
record->payload_length = *pos++; record->payload_length = *pos++;
} else { } else {
u32 len;
if (size < 6) if (size < 6)
return -1; return -1;
record->payload_length = WPA_GET_BE32(pos); len = WPA_GET_BE32(pos);
if (record->payload_length > size - 6 || if (len > size - 6 || len > 20000)
record->payload_length > 20000)
return -1; return -1;
record->payload_length = len;
pos += sizeof(u32); pos += sizeof(u32);
} }